从 http://example.com 重定向到 https://example.mysite.com
这个问题已经以各种排列被问到,但我还没有找到回答我的特定问题的正确组合。
配置
- Rails 3.1(允许我在我的
ApplicationController中使用force_ssl) - 托管在Heroku Cedar上(所以我无法触及中间件)
- 我的SSL证书已注册
secure.example.com
我已经将 force_ssl 添加到我的 ApplicationController 中,如下所示:
# file: controllers/application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
force_ssl
end
问题
当前,如果用户导航到http://example.com,force_ssl 切换到 SSL,但由于它不是 secure.example.com,它会显示有关未经验证的安全证书的警告,因为它使用的是默认 Heroku 证书。
(我已经验证导航到 http://secure.example.com 可以正确重定向到 https://secure.example.com 并使用正确的安全证书。很好。)
问题
如何强制 http://www.example.com/anything 和 http://example.com/anything 重定向到 http://secure.example.com/anything? (我假设force_ssl将处理从http到https的切换。)由于我无法触及中间件(回想一下这是Heroku托管),我假设我可以做类似的事情:
# file: controllers/application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
force_ssl
before_filter :force_secure_subdomain
private
def force_secure_subdomain
redirect_to(something...) unless request.ssl?
end
end
...但我还没有充分理解redirect_to和请求对象来知道要为某事...编写什么。 (我想确保它处理查询参数等)
This question has been asked in various permutations, but I haven't found the right combination that answers my particular question.
The configuration
- Rails 3.1 (allowing me to use
force_sslin myApplicationController) - Hosted on Heroku Cedar (so I can't touch the middleware)
- My SSL certs are registered for
secure.example.com
I've already added force_ssl to my ApplicationController, like this:
# file: controllers/application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
force_ssl
end
The problem
Currently, if a user navigates to http://example.com, force_ssl switches to SSL, but since it's NOT secure.example.com, it presents a warning about an unverified security cert because it's using the default Heroku cert.
(I've verified that navigating to http://secure.example.com properly redirects to https://secure.example.com and uses the proper security cert. That's good.)
The question
How do I force http://www.example.com/anything and http://example.com/anything to redirect to http://secure.example.com/anything? (I'm assuming that force_ssl will handle the switch from http to https.) Since I cannot touch the middleware (recall that this is Heroku hosting), I assume I can do something like:
# file: controllers/application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
force_ssl
before_filter :force_secure_subdomain
private
def force_secure_subdomain
redirect_to(something...) unless request.ssl?
end
end
... but I haven't sufficiently grokked redirect_to and the request object to know what to write for something.... (I want to be sure that it handles query params, etc.)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以通过执行以下操作重定向到不同的主机名:
请参阅: rails force_ssl 源了解更多信息
you can redirect to a different hostname by doing the following:
see: rails force_ssl source for more info
你应该看看 rack-rewrite - 它本质上是 Apache 重写,但采用 Ruby 形式,并可在 Heroku 上使用。
这将允许您创建各种机架级别规则以及应该发生什么重定向等以及何时发生。
You should have a look at rack-rewrite - it's essentially Apache re-write but in Ruby form, and usable on Heroku.
This will allow you to create all sorts of Rack level rules and what redirections etc should occur and when.