SSL for login pages - how do I configure this? (dreamhost)

bump (still interested re this item if anyone knows how to do this)


Well, I don't know how you would deal with it there, so my instructions will be general.

Making some of your pages ssl requires some setup on your web server in addition to some setup in your application.

On the web server, just make an ssl site.

You can then set up some methods in app/controllers/application.rb which you can then use as a before_filter in your controllers. The two methods you need are "ssl_required" and "ssl_prohibited". They look something like this:

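    # Redirect a plain-HTTP request to the same path over HTTPS.
    def ssl_required
      unless @request.ssl?
        # request_uri already begins with "/", so no extra separator is added
        redirect_to "https://#{@request.host}#{@request.request_uri}"
      end
    end

    # Redirect an HTTPS request back to the same path over plain HTTP.
    def ssl_prohibited
      if @request.ssl?
        redirect_to "http://#{@request.host}#{@request.request_uri}"
      end
    end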

(This is untested; you might need to fix it. If so, please follow up on this post with the fix for future searching.)

You can then put:

before_filter :ssl_required, :only => [:cart, :checkout]

to force some items to ssl. You then use the opposite:

before_filter :ssl_prohibited

for controllers or actions that shouldn't be ssl.

If you have access to web server config, you can also force ssl or non-ssl on certain paths using "redirectmatch". Doing it in your app gives you a little more flexibility and keeps it all in one place.

Michael
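
An added example, not part of the original post: the redirect decision from the filters above as plain Ruby (no Rails), with two checks a redirect built from the request's Host header usually needs. The Request struct, scheme_decision, and the shop.example.com host are hypothetical names and constructed sample values.

```ruby
# Hosts this application is willing to redirect to (constructed sample value).
ALLOWED_HOSTS = ["shop.example.com"].freeze

# Minimal stand-in for the parts of a web request the filter looks at.
Request = Struct.new(:scheme, :host_header, :request_uri, :method)

# Decide what a scheme-enforcing filter should do with a request.
# Returns one of:
#   [:pass, nil]      the request already uses the wanted scheme
#   [:redirect, url]  redirect to the same path on the other scheme
#   [:reject, nil]    do not redirect (unknown host, or unsafe method)
def scheme_decision(req, want_ssl)
  wanted = want_ssl ? "https" : "http"
  return [:pass, nil] if req.scheme == wanted

  # The Host header is supplied by the client. Strip any port, normalise
  # case, and only redirect to hosts we actually serve, so the filter
  # cannot be used to bounce visitors to an arbitrary site.
  host = req.host_header.to_s.downcase.sub(/:\d+\z/, "")
  return [:reject, nil] unless ALLOWED_HOSTS.include?(host)

  # A form POSTed over plain HTTP has already sent its body in clear text,
  # and a redirect would drop that body anyway. Refuse instead, and make
  # sure the login form itself is served and submitted over HTTPS.
  return [:reject, nil] if want_ssl && !%w[GET HEAD].include?(req.method)

  # request_uri already begins with "/", so it is appended without one.
  path = req.request_uri.to_s.start_with?("/") ? req.request_uri : "/"
  [:redirect, "#{wanted}://#{host}#{path}"]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests.
  [
    Request.new("http",  "shop.example.com:80", "/account/login", "GET"),
    Request.new("http",  "evil.example.net",    "/account/login", "GET"),
    Request.new("http",  "shop.example.com",    "/account/login", "POST"),
    Request.new("https", "shop.example.com",    "/cart",          "GET"),
  ].each { |r| p [r.to_a, scheme_decision(r, true)] }
end
```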

excellent - thanks for these pointers Michael

it sounds like at dreamhost I have to pay more $$ to get SSL for my app per this link.

That is extra for: (a) purchase a unique ip add-on ($3.95/month) (b) purchase a secure certificate on their own from a party

Does this sound normal/reasonable? Is there another way to get SSL happening for my application on dreamhost?

Tks

Sounds very reasonable for a shared host. You will always need a certificate (Go Daddy has them for very cheap) and a static IP address for SSL. Even if you were on a dedicated server, you’d have to allocate a unique IP address and buy a certificate.

Brad

ok - thanks Brad