简体繁体 English

Force_ssl /强制返回http。最好的方法是什么？

[英]Force_ssl / force back to http. What's the best way to do this?

原文 2012-03-03 23:36:02 9 1 ruby-on-rails/ ruby-on-rails-3

I am using force_ssl in my Users and Sessions controllers. 我在用户和会话控制器中使用force_ssl。 This works great. 这很好。 When I go actions in either of these controllers my browser will redirect to https. 当我在这些控制器中的任何一个上执行操作时，我的浏览器将重定向到https。 The problem is that after the user is redirected to https their browser will continue to use https at least when using relative URLS. 问题在于，将用户重定向到https后，至少在使用相对URL时，其浏览器将继续使用https。 I'd rather the user use http for other pages in the application. 我希望用户在应用程序的其他页面中使用http。 I've come up with 3 possible strategies to guide users back to http for other pages. 我想出了3种可能的策略来指导用户回到其他页面的http。

Use absolute urls instead of relative urls. 使用绝对网址而不是相对网址。 With this strategy I avoid using things like root_path, but instead use root_url. 通过这种策略，我避免使用root_path之类的东西，而是使用root_url。 I can set default_url_options in my application controller to use http protocol. 我可以在应用程序控制器中将default_url_options设置为使用http协议。 This way all links on in my application will attempt to guide the user back to http. 这样，应用程序中所有打开的链接都将尝试将用户引导回http。 They could always switch it to https in their browser manually, but I don't really care if they do that. 他们总是可以在浏览器中手动将其切换为https，但是我真的不在乎是否这样做。
Write a before filter similar to https://gist.github.com/1040964 . 编写一个类似于https://gist.github.com/1040964的before过滤器。 I don't really like this because I would have to repeat which controllers / actions I am forcing to ssl in the application controller as well as the specific controller in which I use force_ssl. 我不太喜欢这样做，因为我必须重复在应用程序控制器中以及我在其中使用force_ssl的特定控制器中强制使用ssl的控制器/动作。
Use this plugin https://github.com/bartt/ssl_requirement . 使用此插件https://github.com/bartt/ssl_requirement 。 This plugin seems nice because it by default will force to http if I don't say anything. 这个插件看起来不错，因为默认情况下，如果我什么也没说，它将默认强制为http。 Forcing to ssl seems very similar to the include force_ssl method. 强制使用ssl似乎与include force_ssl方法非常相似。 This seems like a good solution but I don't want to rely on a plugin if there is a easy way to do this without it. 这似乎是一个很好的解决方案，但是如果没有一种简单的方法可以执行此操作，则我不希望依赖于该插件。

I can't decided which of these 3 options is the best and am looking for guidance. 我无法确定这3个选项中哪一个最好，因此我正在寻找指导。 I'm also new to Rails so if any of these solutions is "bad" please let me know. 我也是Rails的新手，所以如果这些解决方案中的任何一个“不好”，请告诉我。 Also if there are other options I am not aware of please let me know. 另外，如果还有其他我不知道的选项，请告诉我。

Which solution is best if any? 哪种解决方案最好（如果有）？ (Rails 3.2) （Rails 3.2）

1 个解决方案

Best is the plugin. 最好的是插件。 The source code to that plugin is very similar to the code in your gist. 该插件的源代码与要点中的代码非常相似。 In fact, if you're averse to the plugin, all you really need is the part here: 实际上，如果您不喜欢该插件，那么您真正需要的只是这里的一部分：

https://github.com/bartt/ssl_requirement/blob/master/lib/ssl_requirement.rb#L112 https://github.com/bartt/ssl_requirement/blob/master/lib/ssl_requirement.rb#L112

You can adapt it to your application_controller.rb or take the plugin fully. 您可以将其调整为application_controller.rb或完全使用该插件。

Cheers. 干杯。