This module provides a method which will redirect browser to use HTTPS protocol. This will ensure that user's sensitive information will be transferred safely over the internet. You should always force browser to use HTTPS when you're transferring sensitive information such as user authentication, account information, or credit card information.
Note that if you are really concerned about your application security, you
might consider using config.force_ssl
in your config file
instead. That will ensure all the data transferred via HTTPS protocol and
prevent user from getting session hijacked when accessing the site under
unsecured HTTP protocol.
ACTION_OPTIONS | = | [:only, :except, :if, :unless] |
URL_OPTIONS | = | [:protocol, :host, :domain, :subdomain, :port, :path] |
REDIRECT_OPTIONS | = | [:status, :flash, :alert, :notice] |
Redirect the existing request to use the HTTPS protocol.
Parameters
-
host_or_options
- Either a host name or any of the url & redirect optionsavailable to the <tt>force_ssl</tt> method.
# File actionpack/lib/action_controller/metal/force_ssl.rb, line 76 def force_ssl_redirect(host_or_options = nil) unless request.ssl? options = { :protocol => 'https://', :host => request.host, :path => request.fullpath, :status => :moved_permanently } if host_or_options.is_a?(Hash) options.merge!(host_or_options) elsif host_or_options options.merge!(:host => host_or_options) end secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS)) flash.keep if respond_to?(:flash) redirect_to secure_url, options.slice(*REDIRECT_OPTIONS) end end