Module: ActionController::ForceSSL

Extended by:
ActiveSupport::Concern
Includes:
AbstractController::Callbacks
Defined in:
lib/action_controller/metal/force_ssl.rb

Overview

This module is deprecated in favor of config.force_ssl in your environment config file. This will ensure all endpoints not explicitly marked otherwise will have all communication served over HTTPS.

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

ACTION_OPTIONS = 
[:only, :except, :if, :unless]
URL_OPTIONS = 
[:protocol, :host, :domain, :subdomain, :port, :path]
REDIRECT_OPTIONS = 
[:status, :flash, :alert, :notice]

Instance Method Summary collapse

Methods included from AbstractController::Callbacks

#process_action

Instance Method Details

#force_ssl_redirect(host_or_options = nil) ⇒ Object 



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'lib/action_controller/metal/force_ssl.rb', line 37

def force_ssl_redirect(host_or_options = nil)
  unless request.ssl?
    options = {
      protocol: "https://",
      host: request.host,
      path: request.fullpath,
      status: :moved_permanently,
    }

    if host_or_options.is_a?(Hash)
      options.merge!(host_or_options)
    elsif host_or_options
      options[:host] = host_or_options
    end

    secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
    flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
    redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
  end
end