Forcing urls to use https

I found this extremely useful:

def redirect_to_ssl
    redirect_to url_for params.merge({:protocol => 'https://'}) unless request.ssl?

Put this in your application controller and call

before_filter :redirect_to_ssl

on every controller that would require ssl. You can pick which actions would only require this by extending your before_filter declaration as such:

before_filter :redirect_to_ssl, :only => [:new, :purchase]

or even by exclusion, whichever is more convenient for your case:

before_filter :redirect_to_ssl, :except => [:show]

PS: There are other resources too, such as this one (that could be of help):

Maricris Nonato

I turn tech ideas into websites using Ruby. I'm a budding Buddhist practitioner, passionate about health & fitness, and a cat fanatic!