[Rails] Re: SSL on Rails & nginx: Filter chain halted

Ruby on Rails Sunday, January 2, 2011

On Jan 2, 10:15 pm, "Mustafa C." <li...@ruby-forum.com> wrote:
> I am on http when I send the Ajax request. About the same origin policy,
> I thought Rails/Nginx would switch it over to HTTPS protocol as the
> request is being sent to an action that requires SSL(ie.
> SessionsController:create is set up with ssl_required).
>
The single origin policy is a client side thing, not a server side
thing: the browser simply won't let you make requests that wouldn't be
compliant.

Besides, posts across redirects are a messy business. Even if they
worked you would have already sent the data over the wire unencrypted,
so it would be pointless to then send it a second time encrypted.

> If my above understanding is not correct, then should I be first
> switching the page to HTTPs and then send the Ajax request? To test
> that, I issued "location.href=location.href.replace('http:','https:');"
> at browser's console to switch, which does switch tohttps://mysite.com;
> but the page is empty and has only "Welcome to nginx!".

That sounds like you haven't got ssl setup properly yet. Independantly
of ajax etc. you need to get your app running on ssl. There should be
plenty of tutorials covering that.
You might also want to take a step back - what are you trying to
achieve (ie what do these requests do) ?

Fred
>
> I added "root /my_public_dir; passenger_enabled on;" in nginx.conf and
> reloadedhttps://mysite.com. The result was "403 Forbidden" this time!
> Am I on the right track here? How do I get the Rails/nginx to show the
> same page when I switch to https?
>
> If you or anyone else can shed some light on my questions here and
> previous post on this thread, it will be much appreciated. A good
> tutorial on Ajax + SSL for Rails/Javascript is much needed, there is a
> huge info gap on this on the web.


>
> Many thanks.
>
> --
> Posted viahttp://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Posted by Ruby on Rails at 3:31 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)