HTTPS GOING BACK TO HTTP AFTER FORMS -- WHY?

I had roughly the same problem and in my case it was because the proper headers weren't being set. Rails uses certain headers to determine if the current request is using SSL and thus if it should use https:// when generating URLs with url_for(). I had to add the following line to my Apache configuration for the secure virtualhost to get it to work:

    RequestHeader set X_FORWARDED_PROTO 'https'

A quick glance at the ActionController source reveals this method:

    # Is this an SSL request?     def ssl?       @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'     end

I'm not sure why I didn't need to append "HTTP_" to the request header name, but it works (probably because somewhere along the line it gets appended automatically.)

Try setting any of these headers in your web server's configuration.

Best of luck.

Ian

If you use the ssl_requirement plugin, then you can just declare the action to which your form is submitting as requiring ssl in the controller, and you don't need the protocol specification in the form_tag.

Michael Slater www.BuildingWebApps.com

The real problem is that his application isn't recognizing that it's currently being accessed via SSL, so all the URLs are being generated with http:// instead of https://. If he used the ssl_requirement plug- in without addressing the matter of the environment variable, that plug-in would cause an infinite loop of redirects, as it would continuously think it wasn't being access via SSL even though it was.