Greetings all,
Apologies in advance for the cross-post.
I just got a report that I really need some help understanding.
My site ( www.yourtimematters.com ) is set up so that
-
any attempted access to yourtimematters.com gets redirected to www.yourtimematters.com
-
all access to www.yourtimematters.com takes place using https://
The visitor I was walking through the app with (over the phone) was getting warnings as she advanced from page to page that she was “being redirected to a non-secure page.” If she clicked OK, she was taken to https:// the_next_page. This happened on every page within the app.
What could be causing this? The entire site is secured. All of the pages advance via a button that’s a form_tag{:controller => ‘some_controller’, :action => ‘some_action’} with nothing in the form but the submit_tag. All the pages are being served from the app by mongrel through Apache to the browser.
This is the only visitor that’s seen this behavior, but I assume that if she saw it, others will too. She was accessing the site from her office at Adobe, so I assume there’s some pretty heavy firewall stuff going on. Could something on her end be causing this?
Any ideas?
Thanks in advance,
Bill
Looks like your "mainnav" links are hard-coded to http, not https.
Are you using link_to everywhere?
-- Wes
Hi Wes,
wesgarrison wrote:
Looks like your "mainnav" links are hard-coded to http,
not https.
That was a good catch. I'd forgotten to change that. Unfortunately, that wasn't it.
Are you using link_to everywhere?
No. The problem looks to be caused when I'm doing a redirect_to from one controller method to another. That generates a 302 header which IE 6 is having a problem with.
Do you (or anyone reading this) know if the 302 header says anything about where the move is headed? Like maybe there's a default setting that says "going to http://"+new_location that I could override and get to say "going to https://"+new_location ? Do routes maybe figure in this somehow? Any ideas are very, very welcome.
Thanks,
Bill
I've used this before to force everything to https:
In application.rb:
# Force https usage for all links and redirects
# Only do this in production-ish modes, though, because localhost
# probably doesn't have SSL enabled
if %w(production staging demo etc).include?(ENV['RAILS_ENV'])
def default_url_options(options)
{ :protocol => 'https://' }
end
end
As for the redirects, your log should have a line like this:
Redirected to http://127.0.0.1:3000/
Completed in 0.09400 (10 reqs/sec) | DB: 0.09400 (100%) | 302 Found
[http://127.0.0.7/etc/show\]
That'd show you if you're being redirected to https or not. I'd try
the first thing to see if it worked, though. If anyone else has a
reason not to do that, I'd like to hear it, too. It's worked okay for
me for several months, though.
-- Wes
Way cool. Looks like what I'd expected to find. Thank you. I'll give it a shot and let you know what happens.
Thanks much,
Bill