I need to use SSL for a certain controller in my app. My app adapts style and some content from the domain being called via request.host. All of the domains are served up from apache-passenger vhost.
domain1.com is blue domain2.com is red etc etc
However, in order to keep to a single SSL certificate I only want to use one domain for port 443, again pointing to the same app directory. So I would like the following redirects to work correctly:
http://domain1.com/pay/2 redirect to https://secure.domain1.com/pay/2 http://domain2.com/pay/2 redirect to https://secure.domain1.com/pay/2 - note it is still on domain1.com
# Copyright (c) 2005 David Heinemeier Hansson module SslRequirement def self.included(controller) controller.extend(ClassMethods) controller.before_filter(:ensure_proper_protocol) end
module ClassMethods # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol). def ssl_required(*actions) write_inheritable_array(:ssl_required_actions, actions) end
def ssl_allowed(*actions) write_inheritable_array(:ssl_allowed_actions, actions) end end
protected # Returns true if the current action is supposed to run as SSL def ssl_required? (self.class.read_inheritable_attribute(:ssl_required_actions) || ).include?(action_name.to_sym) end
def ssl_allowed? (self.class.read_inheritable_attribute(:ssl_allowed_actions) || ).include?(action_name.to_sym) end
private def ensure_proper_protocol return true if ssl_allowed?
if ssl_required? && !request.ssl? redirect_to "https://" + request.host + request.request_uri flash.keep return false elsif request.ssl? && !ssl_required? redirect_to "http://" + request.host + request.request_uri flash.keep return false end end end
The obvious thing would be to change the code in the plugin from redirect_to "https://" + request.host + request.request_uri to redirect_to "https://" + "secure.domain1.com" + request.request_uri /* use a app config parameter not hardcode
However, is there a better way of re-implimenting this without changing the plugin through over-riding the method. I hate to change the code of a plugin as in my past coding experience this always causes plugin upgrade issues.
Also, if I do such a redirect, would my session information be maintained? If so I can still use my skinning logic.
Thanks,
O.