ActionController::ForceSSL::ClassMethods
Methods
F
Instance Public methods
force_ssl(options = {})

Force the request to this particular controller or specified actions to be through the HTTPS protocol.

If you need to disable this for any reason (e.g. development) then you can use an :if or :unless condition.

class AccountsController < ApplicationController
  force_ssl if: :ssl_configured?

  def ssl_configured?
    !Rails.env.development?
  end
end

URL Options

You can pass any of the following options to affect the redirect url

  • host - Redirect to a different host name

  • subdomain - Redirect to a different subdomain

  • domain - Redirect to a different domain

  • port - Redirect to a non-standard port

  • path - Redirect to a different path

Redirect Options

You can pass any of the following options to affect the redirect status and response

  • status - Redirect with a custom status (default is 301 Moved Permanently)

  • flash - Set a flash message when redirecting

  • alert - Set an alert message when redirecting

  • notice - Set a notice message when redirecting

Action Options

You can pass any of the following options to affect the before_action callback

  • only - The callback should be run only for this action

  • except - The callback should be run for all actions except this action

  • if - A symbol naming an instance method or a proc; the callback will be called only when it returns a true value.

  • unless - A symbol naming an instance method or a proc; the callback will be called only when it returns a false value.

# File actionpack/lib/action_controller/metal/force_ssl.rb, line 62
def force_ssl(options = {})
  action_options = options.slice(*ACTION_OPTIONS)
  redirect_options = options.except(*ACTION_OPTIONS)
  before_action(action_options) do
    force_ssl_redirect(redirect_options)
  end
end