For the some actions, I would like to accept only HTTPS request.
This is my first code, but I think there is a better way.
before_filter :reject_http_request, :only => [:fucntion_a, :function_b]
def reject_http_request
scheme = request.protocol.to_s.downcase
if scheme == 'http://'
raise AccessDeniedException.new("Not allowed protocol scheme")
end
true
end
How can I improve this code?
You can do this at the Rack level with the rack-ssl-enforcer
gem. It's configurable to allow exclusion of specific paths, hosts, and methods.
If it meets your needs, I'd recommend doing this over rolling your own solution. We currently use it in production and it works great.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.