Force the request to this particular controller or specified actions to be through the HTTPS protocol.
If you need to disable this for any reason (e.g. development) then you can use an :if
or :unless
condition.
class AccountsController < ApplicationController force_ssl if: :ssl_configured? def ssl_configured? !Rails.env.development? end end
You can pass any of the following options to affect the redirect url
host
- Redirect to a different host name
subdomain
- Redirect to a different subdomain
domain
- Redirect to a different domain
port
- Redirect to a non-standard port
path
- Redirect to a different path
You can pass any of the following options to affect the redirect status and response
status
- Redirect with a custom status (default is 301 Moved Permanently)
flash
- Set a flash message when redirecting
alert
- Set an alert message when redirecting
notice
- Set a notice message when redirecting
You can pass any of the following options to affect the before_action callback
only
- The callback should be run only for this action
except
- The callback should be run for all actions except this action
if
- A symbol naming an instance method or a proc; the callback will be called only when it returns a true value.
unless
- A symbol naming an instance method or a proc; the callback will be called only when it returns a false value.
# File actionpack/lib/action_controller/metal/force_ssl.rb, line 62 def force_ssl(options = {}) action_options = options.slice(*ACTION_OPTIONS) redirect_options = options.except(*ACTION_OPTIONS) before_action(action_options) do force_ssl_redirect(redirect_options) end end
© 2004–2017 David Heinemeier Hansson
Licensed under the MIT License.