This module provides a method which will redirect the browser to use the secured HTTPS protocol. This will ensure that users' sensitive information will be transferred safely over the internet. You should always force the browser to use HTTPS when you're transferring sensitive information such as user authentication, account information, or credit card information.
Note that if you are really concerned about your application security, you might consider using config.force_ssl
in your config file instead. That will ensure all the data is transferred via HTTPS, and will prevent the user from getting their session hijacked when accessing the site over unsecured HTTP protocol.
Namespace
Module
Methods
Included Modules
Constants
ACTION_OPTIONS | = | [:only, :except, :if, :unless] |
REDIRECT_OPTIONS | = | [:status, :flash, :alert, :notice] |
URL_OPTIONS | = | [:protocol, :host, :domain, :subdomain, :port, :path] |
Instance Public methods
force_ssl_redirect(host_or_options = nil)
Redirect the existing request to use the HTTPS protocol.
Parameters
-
host_or_options
- Either a host name or any of the URL and redirect options available to theforce_ssl
method.
📝 Source code
# File actionpack/lib/action_controller/metal/force_ssl.rb, line 78
def force_ssl_redirect(host_or_options = nil)
unless request.ssl?
options = {
protocol: "https://",
host: request.host,
path: request.fullpath,
status: :moved_permanently
}
if host_or_options.is_a?(Hash)
options.merge!(host_or_options)
elsif host_or_options
options[:host] = host_or_options
end
secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
end
end
🔎 See on GitHub