Skip to content

Instantly share code, notes, and snippets.

@aliang
Created February 1, 2011 23:53
Show Gist options
  • Save aliang/806984 to your computer and use it in GitHub Desktop.
Save aliang/806984 to your computer and use it in GitHub Desktop.
Force SSL on Devise routes only, then redirect back
class ApplicationController < ActionController::Base
# Tell Devise to redirect after sign_in
def after_sign_in_path_for(resource_or_scope)
some_url(:protocol => 'http')
end
# Tell Devise to redirect after sign_out
def after_sign_out_path_for(resource_or_scope)
some_url(:protocol => 'http')
end
end
class RegistrationsController < Devise::RegistrationsController
private
# Tell Devise to redirect after account update
def after_update_path_for(resource)
me_url(:protocol => 'http')
end
end
JumpTask::Application.routes.draw do
# This class just makes the SSL constraint DRY
class SSL
def self.matches?(request)
# This way you don't need SSL for your development server
return true unless Rails.env.production?
request.ssl?
end
end
# Require SSL for Devise
constraints SSL do
devise_for :users, :controllers => {
:registrations => 'registrations'
} do {
# your custom Devise routes here
}
end
end
# Redirect to SSL from non-SSL so you don't get 404s
# Repeat for any custom Devise routes
match "/users(/*path)", :to => redirect { |_, request|
"https://" + request.host_with_port + request.fullpath }
end
@jogaco
Copy link

jogaco commented Nov 19, 2014

Looked great but does not seem to work for newer versions of Devise (3.4.x) and Rails (3.2.x). Results in an infinite redirection

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment