Using SSL in Rails Applications
On any page accessed with SSL, all Ajax requests must use SSL, or they will fail. To make this happen, all you need to do is include the names of the actions that service the requests in your ssl_required statement.
Related cards:
Caching in Rails < 6.1 may down parts of your application when using public cache control
TL;DR When using Cache-Control on a Rails application, make sure the Vary: Accept header is set.
Proxy caching is a good feature to serve your publicly visible application content faster and reduce load on your servers. It is e.g. availab...
Using Spring and parallel_tests in your Rails application
You want Spring for super-fast binstubs like bin/rails or bin/rspec which avoid Rails boot time.
You want parallel_tests to speed up full test runs of large test s...
Use SSL for Amazon RDS / MySQL (and your Rails app)
In case you have sensitive data within your RDS instance, you want to use encrypted connections between your application and RDS instances. If you're using MySQL on RDS, here's what to do:
- Download the AWS CA file and copy it to the machine yo...
Security issues with hash conditions in Rails 2 and Rails 3
Find conditions for scopes can be given either as an array (:conditions => ['state = ?', 'draft']) or a hash (:conditions => { 'state' => 'draft' }). The latter is nicer to read, but has horrible security implications in some versions of Ru...
Using mime types with send_file
When using send_file (for example for attachments of any kind), make sure your application knows the correct mime types so that all browsers can handle the files. It is much more convenient for users if they can decide to open a file directly in...
Rails: Encrypting your database information using Active Record Encryption
Since Rails 7 you are able to encrypt database information with Active Record. Using Active Record Encryption will store an attribute as string in the database. And uses JSON for seri...
Marry Capybara with SSL-enabled applications
Capybara does not play nice with sites that have some actions protected by SSL, some not. A popular way to implement this in Rails is using the ssl_requirement plugin by DHH, which redirects a...
How to keep using secrets.yml after upgrading to Rails 7.2
Rails 5.2 soft-deprecated the storage of secrets in secrets.yml in favor of a new thing, credentials.yml.enc. Rails 7.1 deprecated secrets and Rails 7.2 finally remove...
Working with or without time zones in Rails applications
Rails supports time zones, but there are several pitfalls. Most importantly because Time.now and Time.current are completely different things and code from gems might use one or the other.
Especially configuring an application that cares only...