Ruby on Rails Monday, August 12, 2013



On Friday, 9 August 2013 15:15:16 UTC-4, stantona wrote:
I notice there's the protocol option you can pass to route helpers to ensure that you can use https. 

I'm just wondering if there's a setting that can be applied globally so that I don't have to do this with each individual call.

Thanks.

Couple options on this:

* use default_url_options - add this in an initializer:

Rails.application.routes.default_url_options[:protocol] = 'https'

* (better) use the force_ssl config option in, say, config/environments/production.rb:

config.force_ssl = true

The second form will also do a couple things:

* makes URL helpers return HTTPS URLs

* makes session cookies secure (only sent over HTTPS)

* automatically redirects visitors on HTTP to HTTPS

* sends HSTS headers (http://en.wikipedia.org/wiki/Strict_Transport_Security)

Probably better to use "config.force_ssl" unless you don't need / can't use some of the extra things it does.

--Matt Jones 
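
The four effects listed in the reply for config.force_ssl can be verified from outside the application. The following is an added example, not part of the original thread: it audits a pair of captured responses (one fetched over HTTP, one over HTTPS) for each effect. The function name, the response-hash layout, the host name and the sample data are all constructed for illustration.

```ruby
# Added example: audit captured responses for the four force_ssl effects.
# Responses are plain hashes with lowercase header names (an assumption here).
REDIRECTS = [301, 302, 307, 308].freeze

def audit_force_ssl(host, http_resp, https_resp)
  findings = []

  # Plain-HTTP requests should be redirected to an https:// URL.
  location = http_resp[:headers]["location"].to_s
  unless REDIRECTS.include?(http_resp[:status]) && location.start_with?("https://")
    findings << :no_https_redirect
  end

  # HTTPS responses should carry an HSTS header with a positive max-age.
  hsts = https_resp[:headers]["strict-transport-security"].to_s
  findings << :hsts_missing unless hsts[/max-age=(\d+)/i, 1].to_i > 0

  # Every cookie set over HTTPS should have the Secure attribute.
  Array(https_resp[:headers]["set-cookie"]).each do |cookie|
    name = cookie.split("=", 2).first
    attrs = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    findings << [:cookie_not_secure, name] unless attrs.include?("secure")
  end

  # Links built by URL helpers should not point at http:// on our own host.
  pattern = %r{href="(http://#{Regexp.escape(host)}[^"]*)"}
  https_resp[:body].scan(pattern).flatten.each { |url| findings << [:insecure_link, url] }

  findings
end

# Constructed sample data (not from the thread).
HOST = "app.example.test"
WITH_FORCE_SSL = [
  { status: 301, headers: { "location" => "https://#{HOST}/login" }, body: "" },
  { status: 200, body: %(<a href="https://#{HOST}/account">Account</a>),
    headers: { "strict-transport-security" => "max-age=31536000",
               "set-cookie" => ["_app_session=abc123; path=/; secure; HttpOnly"] } }
].freeze
WITHOUT_FORCE_SSL = [
  { status: 200, headers: {}, body: "" },
  { status: 200, body: %(<a href="http://#{HOST}/account">Account</a>),
    headers: { "set-cookie" => ["_app_session=abc123; path=/; HttpOnly"] } }
].freeze

puts audit_force_ssl(HOST, *WITH_FORCE_SSL).inspect
puts audit_force_ssl(HOST, *WITHOUT_FORCE_SSL).inspect
```

An empty result means all four effects were observed; with only default_url_options set, the link check would pass while the redirect, HSTS and cookie checks would still be reported.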
