How do I selectively enable SSL in Rails 4 for certain paths?
Question
How do I turn SSL HTTPS off for a given path? I saw Enable SSL for certain resource actions but that was to enable HTTPS for a single path. My config has
config.force_ssl = true
However when I show a page that has an iframe and embeds an external source
<iframe src='http://www.
Then it doesn't even appear (Chrome) because it is mixed content. So I want to disable SSL for that single route that has an iframe. (I really want to turn it on & off depending on the content.)
I tried adding this to my routes.rb
get 'frame', :constraints => { :protocol => 'http' }
but that gave an error http://127.0.0.1:3000/posts/136/frame
No route matches [GET] "/posts/136/frame"
even though the route shows up
frame_post GET /posts/:id/frame(.:format) posts#frame {:protocol=>"http"}
I also saw Force SSL for specific routes in Rails 3.1 and tried
gem 'rack-ssl-enforcer' # Gemfile
config.middleware.use Rack::SslEnforcer, :except => [ /\/frame$/ ], :strict => true # application.rb
but it still always redirects to https. I also tried
force_ssl :except => :frame # posts_controller.rb
But that didn't work either.
I'm using Rails 4.1.
1 answers
solution1
3 2014-04-22 19:26:06
Rack ssl enforcer is a great solution for this - your regular expression is wrong. In your form, the regex would only exclude a path that is entirely '/frame', and would not exclude a path that had anything before /frame
If you want to exclude any path that ends with /frame , The correct regular expression would be:
\.*\/frame$/
Resulting in a config:
config.middleware.use Rack::SslEnforcer, :except => [ \.*\/frame$/ ], :strict => true
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.