I notice there’s the protocol option you can pass to route helpers to ensure that you can use https.
I’m just wondering if there’s a setting that can be applied globally so that I don’t have to do this with each individual call.
Thanks.
I notice there’s the protocol option you can pass to route helpers to ensure that you can use https.
I’m just wondering if there’s a setting that can be applied globally so that I don’t have to do this with each individual call.
Thanks.
Couple options on this:
Rails.application.routes.default_url_options[:protocol]= ‘https’
config.force_ssl = true
The second form will also do a couple things:
makes URL helpers return HTTPS URLs
makes session cookies secure (only sent over HTTPS)
automatically redirects visitors on HTTP to HTTPS
sends HSTS headers (HTTP Strict Transport Security - Wikipedia )
Probably better to use “config.force_ssl” unless you don’t need / can’t use some of the extra things it does.
–Matt Jones