Module: ActionController::ForceSSL

Relationships & Source Files
Namespace Children
Modules: ClassMethods
Extension / Inclusion / Inheritance Descendants
Included In: Base, ::ActionView::TestCase::TestController, Rails::ApplicationController, Rails::InfoController, Rails::MailersController, Rails::WelcomeController
Super Chains via Extension / Inclusion / Inheritance
Class Chain: self, ::ActiveSupport::DescendantsTracker, ::ActiveSupport::Concern
Instance Chain: self, ::AbstractController::Callbacks, ::ActiveSupport::Callbacks
Defined in:	actionpack/lib/action_controller/metal/force_ssl.rb

Overview

This module provides a method which will redirect browser to use HTTPS protocol. This will ensure that user's sensitive information will be transferred safely over the internet. You should always force browser to use HTTPS when you're transferring sensitive information such as user authentication, account information, or credit card information.

Note that if you are really concerned about your application security, you might consider using config.force_ssl in your config file instead. That will ensure all the data transferred via HTTPS protocol and prevent user from getting session hijacked when accessing the site under unsecured HTTP protocol.

Constant Summary

ACTION_OPTIONS =
# File 'actionpack/lib/action_controller/metal/force_ssl.rb', line 20
```
[:only, :except, :if, :unless]
```
REDIRECT_OPTIONS =
# File 'actionpack/lib/action_controller/metal/force_ssl.rb', line 22
```
[:status, :flash, :alert, :notice]
```
URL_OPTIONS =
# File 'actionpack/lib/action_controller/metal/force_ssl.rb', line 21
```
[:protocol, :host, :domain, :subdomain, :port, :path]
```

::ActiveSupport::Callbacks - Included

CALLBACK_FILTER_TYPES

Class Method Summary

::ActiveSupport::DescendantsTracker - self

clear, descendants, direct_descendants,
store_inherited	This is the only method that is not thread safe, but is only ever called during the eager loading phase.

::ActiveSupport::Concern - Extended

append_features, class_methods, included

Instance Method Summary

#force_ssl_redirect(host_or_options = nil)

Redirect the existing request to use the HTTPS protocol.

::AbstractController::Callbacks - Included

#process_action

Override AbstractController::Base's process_action to run the process_action callbacks around the normal behavior.

::ActiveSupport::Callbacks - Included

#run_callbacks

Runs the callbacks for the given event.

Instance Method Details

#force_ssl_redirect(host_or_options = nil)

Redirect the existing request to use the HTTPS protocol.

Parameters

host_or_options - Either a host name or any of the url & redirect options
```
available to the {force_ssl} method.
```

[ GitHub ]

# File 'actionpack/lib/action_controller/metal/force_ssl.rb', line 76


def force_ssl_redirect(host_or_options = nil)
  unless request.ssl?
    options = {
      :protocol => 'https://',
      :host     => request.host,
      :path     => request.fullpath,
      :status   => :moved_permanently
    }

    if host_or_options.is_a?(Hash)
      options.merge!(host_or_options)
    elsif host_or_options
      options[:host] = host_or_options
    end

    secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
    flash.keep if respond_to?(:flash)
    redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
  end
end