SSL-only, HTTP-only, and mixed #39
Comments
I noticed that if you have multiple rules, it applies them all, rather than short-circuit. This makes it impossible to have complex rules. I forked and added support for SSL, HTTP, and mixed, as well as short-circuiting. Not a thing of beauty. Just a quick hack to get me out of the woods. Interested in your thoughts.
Hey, sorry for the slow response, I'm neck-deep in work right now and won't be able to take a look at your code before mid next week. Hope that's ok for you...
Hi Tobias, Take your time! I’m happily using your gem (with my cheap hacks in place). Cheers. Felix
I wanted to mention this seems to give problems for my use case as well. I want `/cart` SSL and everything else NOT SSL. However I need to ignore assets, so something like: `use Rack::SslEnforcer, :ignore => '/assets'` causes assets to be redirected to http while on `/cart`. This causes errors in Chrome (about insecure items on page).
Hi, Have you tried
Yes, this results in all /assets being redirected to http:// and thus my css and images don't load when in /cart since the content is insecure.
I'm really not sure about that, I've added a test for your use case and I think that's because you're using a Also, please make sure to set the middleware only once, not twice (as in your first example).
Oh this does work! Thank you very much. For some reason I was under the assumption that a string got converted to a regex anyhow and would match paths under it. As for the second bit (only using the middleware once) - I was a little confused on this in the docs as there are no examples that use 2 things (like :only and :ignore) at the same time. There are code boxes though that show multiple lines doing different things. Anyway, thanks for the pointer.
Thanks for the feedback, I've added a multiple-constraint example in the README!
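
The string-versus-regex behaviour worked out in the comments above, as an added Ruby sketch that is not part of the thread and not the gem's own code. It models `:only`, `:ignore` and strict-style downgrading, assuming (as the commenter found) that a String rule matches only the exact path; the function names and sample requests are constructed for illustration.

```ruby
# Simplified model of the redirect decision discussed in this thread.
# Assumption: a String rule matches only the identical path, while a
# Regexp rule matches by pattern. This is not rack-ssl-enforcer's source.

def rule_matches?(rule, path)
  Array(rule).any? { |r| r.is_a?(Regexp) ? r.match?(path) : r == path }
end

# Returns :pass, :to_https or :to_http for one request.
def decide(path, scheme, only:, ignore: nil, strict: true)
  # Ignored paths are left on whatever scheme they arrived with.
  return :pass if ignore && rule_matches?(ignore, path)

  if rule_matches?(only, path)
    scheme == 'https' ? :pass : :to_https
  elsif strict && scheme == 'https'
    :to_http            # everything outside :only is pushed back to HTTP
  else
    :pass
  end
end

# Constructed sample: the HTTPS cart page and the resources it loads,
# plus an unrelated page reached over HTTPS.
SAMPLE_REQUESTS = [
  ['/cart',            'https'],
  ['/assets/app.css',  'https'],
  ['/assets/logo.png', 'https'],
  ['/products',        'https']
].freeze

def outcomes(ignore_rule)
  SAMPLE_REQUESTS.to_h do |path, scheme|
    [path, decide(path, scheme, only: '/cart', ignore: ignore_rule)]
  end
end

# String rule: '/assets' never equals '/assets/app.css', so the asset is
# downgraded and the HTTPS cart page ends up with insecure subresources.
string_rule = outcomes('/assets')
# Anchored Regexp rule: everything under /assets/ is left alone.
regexp_rule = outcomes(%r{\A/assets/})

puts "String :ignore => #{string_rule}"
puts "Regexp :ignore => #{regexp_rule}"
```
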
There doesn't seem to be a way to have the following configuration
(1) /admin (SSL Only)
(2) /public (Either SSL or HTTP)
(3) everything else (HTTP only)
Am I missing something?
I think this is a pretty common scenario with Ajax. E.g., this seems to be similar to issue #36.
If I am correct, would it be simpler to get rid of the "strict" option, and instead have a rule-type, i.e. one of {SSL, HTTP, Mixed}?