I notice there’s the protocol option you can pass to route helpers to ensure that you can use https.
I’m just wondering if there’s a setting that can be applied globally so that I don’t have to do this with each individual call.
Thanks.
Couple options on this:
- use default_url_options - add this in an initializer:
Rails.application.routes.default_url_options[:protocol]= ‘https’
- (better) use the force_ssl config option in, say, config/environments/production.rb:
config.force_ssl = true
The second form will also do a couple things:
-
makes URL helpers return HTTPS URLs
-
makes session cookies secure (only sent over HTTPS)
-
automatically redirects visitors on HTTP to HTTPS
-
sends HSTS headers (HTTP Strict Transport Security - Wikipedia )
Probably better to use “config.force_ssl” unless you don’t need / can’t use some of the extra things it does.
–Matt Jones
