forked from rails/ssl_requirement
-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathREADME
51 lines (38 loc) · 1.41 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
SSL Requirement
===============
SSL requirement adds a declarative way of specifying that certain actions
should only be allowed to run under SSL, and if they're accessed without it,
they should be redirected.
Example:
class ApplicationController < ActiveRecord::Base
include SslRequirement
def skip_ssl_requirement
### would skip ssl requirement if the method return true, the method must be a public method.
Rails.env == 'development'
end
end
class AccountController < ApplicationController
ssl_required :signup, :payment
ssl_allowed :index
ssl_allowed :all
ssl_required :all
def signup
# Non-SSL access will be redirected to SSL
end
def payment
# Non-SSL access will be redirected to SSL
end
def index
# This action will work either with or without SSL
end
def other
# SSL access will be redirected to non-SSL
end
end
You can overwrite the protected method ssl_required? to rely on other things
than just the declarative specification. Say, only premium accounts get SSL.
P.S.: Beware when you include the SslRequirement module. At the time of
inclusion, it'll add the before_filter that validates the declarations. Some
times you'll want to run other before_filters before that. They should then be
declared ahead of including this module.
Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license