module ActionController::ForceSSL

Included modules:
AbstractController::Callbacks

This module provides a method which will redirect the browser to use HTTPS protocol. This will ensure that user's sensitive information will be transferred safely over the internet. You should always force the browser to use HTTPS when you're transferring sensitive information such as user authentication, account information, or credit card information.

Note that if you are really concerned about your application security, you might consider using config.force_ssl in your config file instead. That will ensure all the data transferred via HTTPS protocol and prevent the user from getting their session hijacked when accessing the site over unsecured HTTP protocol.

Constants

ACTION_OPTIONS
REDIRECT_OPTIONS
URL_OPTIONS

Public Instance Methods

force_ssl_redirect(host_or_options = nil) Show source
# File actionpack/lib/action_controller/metal/force_ssl.rb, line 76
def force_ssl_redirect(host_or_options = nil)
  unless request.ssl?
    options = {
      :protocol => 'https://',
      :host     => request.host,
      :path     => request.fullpath,
      :status   => :moved_permanently
    }

    if host_or_options.is_a?(Hash)
      options.merge!(host_or_options)
    elsif host_or_options
      options[:host] = host_or_options
    end

    secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
    flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
    redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
  end
end

Redirect the existing request to use the HTTPS protocol.

Parameters

  • host_or_options - Either a host name or any of the url & redirect options available to the force_ssl method.

© 2004–2018 David Heinemeier Hansson
Licensed under the MIT License.