Secure with SSL (Subdomain and Protocol) in Rails 3.1

force-ssl.rb

class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :secure_with_ssl

  private
  
  def secure_with_ssl
    if request.subdomain != 'secure' or request.protocol != 'https'
      redirect_to :subdomain => 'secure', :protocol => 'https'
    end
  end
end

Thanks again for the great gist & help.

An update --

I'm deploying to Heroku and had issues when utilizing force_ssl while still trying to retain controller specific ssl and had a 'too many redirects' issue with your original code above. In addition to this, I was also getting an error by utilizing 'request.protocol', so I modified things just a bit and all is working wonderfully now.

Controllers where I didn't need SSL --

def no_secure_subdomain_ssl
  if request.subdomain == 'secure' or request.ssl? == true
    redirect_to root_url(:host => request.domain, :protocol => 'http' ) 
  end
end

Controllers where I did need SSL --

def secure_subdomain_ssl
  if Rails.env.production?
    if request.subdomain != 'secure' or request.ssl? != true
      redirect_to :subdomain => 'secure', :protocol => 'https'
    end
  end
end

You'll notice in that last one I would check the Rails environment so that I wouldn't have issues in development.

Thanks again for all the help man!