Accept only HTTPS requests in Ruby on Rails
Question
For the some actions, I would like to accept only HTTPS request.
This is my first code, but I think there is a better way.
before_filter :reject_http_request, :only => [:fucntion_a, :function_b]
def reject_http_request
scheme = request.protocol.to_s.downcase
if scheme == 'http://'
raise AccessDeniedException.new("Not allowed protocol scheme")
end
true
end
How can I improve this code?
2 answers
solution1
8 ACCPTED 2013-01-07 06:01:45
You can do this at the Rack level with the rack-ssl-enforcer gem. It's configurable to allow exclusion of specific paths, hosts, and methods.
If it meets your needs, I'd recommend doing this over rolling your own solution. We currently use it in production and it works great.
solution2
5 2013-01-07 06:43:10
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Ruby on Rails - Active Storage - how to accept only pdf and doc?
Ruby on Rails http to https
HTTPS implementation in Ruby on rails
How to handle or prevent “Only post requests are allowed” error in Ruby on Rails?
Ruby on Rails strange requests
Ruby on Rails Accept post request
Ruby on Rails: While in development, how can I send requests to 3rd party API that uses HTTPS?
Is a framework required for Ruby to accept POST requests?
How can I set my Rails controllers to, by default, only accept HTML requests?
Using https and SSL with Ruby on Rails
Related Tags