I use bartt/ssl_requirement, which lets you protect specific actions, e.g.:

    class ApplicationController < ActionController::Base
      # Mixes in the ssl_required class method and the filter that redirects
      # plain-HTTP requests for the listed actions to HTTPS.
      include ::SslRequirement
    end

    class AccountController < ApplicationController
      # Requests to these actions over http:// are redirected to https://.
      ssl_required :signup, :payment
      ...
    end
For paths, you just pass :secure => true:

    <% form_tag session_path(:secure => true), :class => 'home_login' do -%>
      <%# form fields %>
    <% end -%>
To disable it in development, add this inside the configure block of config/environments/development.rb:

    config.after_initialize do
      # Skip the HTTPS check entirely so plain http://localhost works.
      SslRequirement.disable_ssl_check = true
    end
If you use a secure subdomain, as I do on Heroku, you can add this to config/environments/production.rb:

    config.after_initialize do
      # Redirects for ssl_required actions go to this host instead of the current one.
      SslRequirement.ssl_host = 'secure.example.com'
    end
and :domain => :all to config/initializers/session_store.rb, so the session is shared across all domains. For example:

    MyAppName::Application.config.session_store :cookie_store,
      :key    => '_myappname_session',
      :domain => :all  # sets Domain=.example.com, so secure.example.com and www.example.com share the cookie
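An added example, not code from the answer above, from bartt/ssl_requirement or from Rails: a small pure-Ruby model of what :domain => :all does to the session cookie and how a browser then decides where to send it. It assumes Rails' default tld_length of 1 when expanding :all and applies RFC 6265 domain matching; the helper names (build_session_cookie, cookie_sent? and so on) are mine. The check worth running is the last one: once the cookie is scoped to .example.com, the browser also attaches it to requests for the plain-HTTP hosts of that domain unless the cookie carries the Secure flag, so a session set on secure.example.com otherwise travels in cleartext on the rest of the site.

```ruby
# Added example: model of Rails `domain: :all` cookie scoping plus RFC 6265
# matching, to show where a shared session cookie is sent. Not the gem's code.

# Mirrors how Rails expands `domain: :all` (assumption: default tld_length = 1):
# the registrable domain with a leading dot, so every subdomain receives it.
# A bare IPv4 host gets no Domain attribute (host-only cookie).
def session_cookie_domain(host, domain_option, tld_length: 1)
  case domain_option
  when :all
    return nil if host =~ /\A\d+(\.\d+){3}\z/
    ".#{host.split('.').last(tld_length + 1).join('.')}"
  when nil
    nil # host-only cookie: returned only to the exact host that set it
  else
    domain_option.to_s
  end
end

# RFC 6265 domain matching: a host-only cookie matches the setting host exactly;
# a Domain cookie matches that domain and all of its subdomains.
def domain_match?(request_host, cookie_domain, origin_host)
  return request_host == origin_host if cookie_domain.nil?
  bare = cookie_domain.sub(/\A\./, '')
  request_host == bare || request_host.end_with?(".#{bare}")
end

# Would a browser attach this cookie to a request for scheme://host/ ?
# The Secure flag is checked first: a Secure cookie never goes out over http.
def cookie_sent?(cookie, scheme:, host:)
  return false if cookie[:secure] && scheme != 'https'
  domain_match?(host, cookie[:domain], cookie[:origin_host])
end

# The session cookie a response from `origin_host` would set under the
# session_store options shown above, with an optional Secure flag.
def build_session_cookie(origin_host, domain: :all, secure: false)
  {
    name: '_myappname_session',
    domain: session_cookie_domain(origin_host, domain),
    secure: secure,
    origin_host: origin_host
  }
end

# Constructed scenario: the session is set on secure.example.com and the
# browser later visits www.example.com over plain http and over https.
def demo
  shared   = build_session_cookie('secure.example.com')               # as configured above
  hardened = build_session_cookie('secure.example.com', secure: true) # same, plus Secure flag
  {
    domain_attribute:                shared[:domain],
    shared_reaches_www_over_http:    cookie_sent?(shared,   scheme: 'http',  host: 'www.example.com'),
    hardened_reaches_www_over_http:  cookie_sent?(hardened, scheme: 'http',  host: 'www.example.com'),
    hardened_reaches_www_over_https: cookie_sent?(hardened, scheme: 'https', host: 'www.example.com'),
    hardened_reaches_other_site:     cookie_sent?(hardened, scheme: 'https', host: 'example.org')
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |k, v| puts "#{k}: #{v}" }
end
```

In Rails the flag is the :secure => true option on session_store. With it set, only HTTPS hosts receive the cookie, which for the setup above means the non-secure pages no longer see the session at all; without it, the shared session cookie is exposed on every plain-HTTP page of the domain.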