Hi all,
This plugin lets you specify which actions *must* be run under ssl (https). If a declared action is run without ssl, the user is redirect to https. Also, once you declare an action to "require_ssl", any links to that action are going to be https:// links.
http://svn.ianwarshak.com/plugins/secure_actions
Hopefully you all will find this useful.
Ian
Looks good, thanks. I'll give this a try.
Question: How is this different from the ssl_requirement plugin from DHH? Is it based off it? How have you improved/modified it?
Thanks Marson,
The one main thing that this plugin adds to DHH's ssl_requirement plugin is the automatic https:// links to secure actions when using link_to, etc.
The idea was really this: Redirecting a user to a secure version of the site if that action is declared "secure" is an ok solution, but it is really a failsace. If you are posting to an action with your login/ password and you post it to http://, then being redirected to https:// is kind of meaningless since your credentials were transmitted in the clear once.
With this plugin, you can declare your secure actions in one place, and are assured that any forms, links, etc to those actions are going to be https://
Hope this helps Ian
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks