Issue with Redirects #81

Closed
irmiller22 opened this issue Jul 6, 2015 · 3 comments

Comments

@irmiller22

So I have SSL Enforcer configured in my application like so:

config.middleware.use Rack::SslEnforcer, :only_hosts => 'photos.example.com'

When I check the URL redirects in the browser when going to http://photos.example.com, I get the following redirect chain:

1) http://photos.example.com
2) Redirects to https://photos.example.com
3) Redirects to http://photos.example.com/account_sessions
4) Redirects to https://photos.example.com/account_sessions

Is there a way to eliminate step 3, as in going from:

2) Redirects to https://photos.example.com
3) Redirects to https://photos.example.com/account_sessions

My initial thought was that once a host is specified in the configurations, then it only enforces SSL/HTTPS protocol for that domain, and doesn't allow redirects to an HTTP protocol.

@tobmatth
Owner

tobmatth commented Jul 7, 2015

The third redirect is initiated by your application and out of scope of rack-ssl-enforcer, so the only chance I see is to modify your authentication's redirect by passing the protocol option, for example:

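# application_controller.rb

before_filter :require_login

private

def require_login
  unless current_user
    # The controller is named without the "_controller" suffix.
    # protocol: forces the scheme of the generated redirect URL.
    redirect_to controller: "sessions", action: "new", protocol: "https://"
  end
end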

@irmiller22
Author

Ah, got it. I wasn't sure if this was the intended behavior or not. This probably won't work, because I need one domain specifically to enforce SSL, and the others to just use the standard HTTP protocol. It would be counter-intuitive to force the HTTPS protocol on all URLs within my app.

@tobmatth
Owner

tobmatth commented Jul 7, 2015

I see. Maybe something like

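def domain_specific_protocol
  # Match on the host alone (no port), with the dot escaped and the pattern
  # anchored, so only example.org and its subdomains get HTTPS.
  request.host =~ /(\A|\.)example\.org\z/ ? "https://" : "http://"
end

def require_login
  unless current_user
    # The controller is named without the "_controller" suffix.
    redirect_to controller: "sessions", action: "new", protocol: domain_specific_protocol
  end
end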

Probably not the most elegant solution :) Anyway - I'm closing here...

@tobmatth tobmatth closed this as completed Jul 7, 2015
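Added example, not part of the original thread and not rack-ssl-enforcer code: a small offline simulation of the redirect chain reported above, with a check that flags any hop going from HTTPS back to plain HTTP. The helper names, the host list and the two protocol policies are assumptions made for illustration; the enforcer and the application are modelled as simple stand-ins.

```ruby
require "uri"

# Assumption: mirrors the :only_hosts value from the issue.
HTTPS_ONLY_HOSTS = ["photos.example.com"].freeze

# Stand-in for the enforcer: upgrade plain-HTTP requests to enforced hosts.
def enforcer_redirect(url)
  uri = URI(url)
  return nil unless uri.scheme == "http" && HTTPS_ONLY_HOSTS.include?(uri.host)
  url.sub(/\Ahttp:/, "https:")
end

# Stand-in for the app's login redirect from the root path; protocol_for
# chooses the scheme written into the Location header.
def app_redirect(url, protocol_for)
  uri = URI(url)
  return nil unless ["", "/"].include?(uri.path)
  "#{protocol_for.call(uri.host)}#{uri.host}/account_sessions"
end

# Follow the simulated redirects, enforcer first, then the application.
def redirect_chain(start, protocol_for, limit = 10)
  chain = [start]
  while chain.size <= limit
    nxt = enforcer_redirect(chain.last) || app_redirect(chain.last, protocol_for)
    break unless nxt
    chain << nxt
  end
  chain
end

# Hops where an HTTPS response sends the client back to plain HTTP.
def downgrade_hops(chain)
  chain.each_cons(2).select do |from, to|
    URI(from).scheme == "https" && URI(to).scheme == "http"
  end
end

# Models step 3 of the reported chain: the app redirects to http://.
ALWAYS_HTTP = ->(_host) { "http://" }
# Per-host choice, using an exact host match (constructed policy).
PER_HOST = ->(host) { HTTPS_ONLY_HOSTS.include?(host) ? "https://" : "http://" }

if __FILE__ == $PROGRAM_NAME
  [ALWAYS_HTTP, PER_HOST].each do |policy|
    chain = redirect_chain("http://photos.example.com", policy)
    puts chain.join(" -> "), "downgrades: #{downgrade_hops(chain).size}"
  end
end
```

`downgrade_hops` takes any list of URLs, so the same check can be run over a chain recorded from browser developer tools.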