Re: [Rails] Re: SSL on Rails & nginx: Filter chain halted

Ruby on Rails Monday, January 3, 2011

On Jan 3, 2011, at 3:23 PM, Frederick Cheung wrote:

>
>
> On Jan 3, 7:40 pm, "Mustafa C." <li...@ruby-forum.com> wrote:
>>> Have you looked at this page?
>>> http://stackoverflow.com/questions/1662262/rails-redirect-with-https
>>
>>> Walter
>>
>> Hi Walter,
>> Thanks. I had seen it; it made sense to revisit it at this point.
>> However, it still doesn't cure my problem. I put in the below code:
>> def require_ssl
>> if request.ssl?
>> return true
>> else
>> redirect_to :protocol => "https://"
>> end
>>
>> And athttp://mysite.com; when I attempt a login, I get following:
>> Processing SessionsController#create [POST]
>> Parameters: {"action"=>"create", "controller"=>"sessions",
>> "login"=>"my_user", "password"=>"[FILTERED]"}
>> Redirected tohttps://mysite.com/sessions
>> Filter chain halted as [:require_ssl] rendered_or_redirected.
>>
>
> Redirecting halts the filter chain - this is entirely normal
>
>> It behaves similarly with the following path as well:
>> redirect_to :protocol => "https://", :controller => "home", :action
>> =>
>> "index".
>>
>> I am not clear how redirect_to works. Rails code says "It redirects
>> the
>> browser to the target specified in +options+". My client is
>> Javascript,
>> how does it ask the browser to redirect, so I can handle that? There
>> seems to be a lower level retry mechanism, which doesn't reach up to
>> Javascript??
>
> The browser handles the redirect - your javascript won't be aware of
> it at all.
>
> Fred

If you're trying to run an Ajax request in https, then the surrounding
page must also be https or you will hit the same-origin trap. So you
need to ensure first that this outer page is always requested through
https, and also confirm that the inner Ajax request is also coming
through https (although that will probably take care of itself if the
outer page can only be requested through https).

Walter

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Posted by Ruby on Rails at 12:30 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)