Created
July 28, 2011 14:17
Save subelsky/1111621 to your computer and use it in GitHub Desktop.
Getting SSL, Capybara, Rails 3, and Devise to work together
# config/application.rb
Bundler.require(:default, Rails.env) if defined?(Bundler)
require 'rack/ssl' # add this before the app definition
module YourApp
  class Application < Rails::Application
    # <snip>
    config.middleware.insert_before ActionDispatch::Cookies, Rack::SSL
    # <snip>
  end
end
# when Rails 3.1 ships you can get rid of the rack/ssl require, and just
# add config.force_ssl = true to the above

# app/controllers/application_controller.rb
def default_url_options(options = {})
  options.merge(protocol: "https")
end

# config/initializers/devise.rb
# httponly: true is not needed for SSL enforcement but I think it's a good default
config.cookie_options = { secure: true, httponly: true }

# lib/failure_app.rb
# found this on the devise wiki but can't find the page anymore
# make sure this code gets loaded; if it's in lib you need to require it
# explicitly or make lib/ an autoload path
class CustomFailure < Devise::FailureApp
  def redirect_url
    new_user_session_url(protocol: "https")
  end

  # You need to override respond to eliminate recall
  def respond
    if http_auth?
      http_auth
    else
      redirect
    end
  end
end

gem "rack-ssl", "1.3.2"
# when Capybara issue 409 or 422 get resolved, you can switch back to the official
# capybara gem
# https://github.com/jnicklas/capybara/pull/409
# https://github.com/jnicklas/capybara/pull/422
gem "capybara", git: "https://github.com/mcolyer/capybara.git", branch: "fix-ssl-redirects"

# config/initializers/session_store.rb
# this probably isn't needed since Rack::SSL handles it, but just for good measure
YourApp::Application.config.session_store :cookie_store,
  :key => '_yourapp_secure_session',
  :secure => true,
  :httponly => true
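
An added example, not part of the original gist and not the rack-ssl gem's source: a dependency-free sketch of the three things Rack::SSL does (redirect plain HTTP, set Strict-Transport-Security, flag cookies as secure). It also shows why the middleware is inserted before the cookie-writing layer, on the assumption that the reason is that it can only flag cookies written inside it. `ForceSSLSketch`, `COOKIE`, `request`, the host `example.test` and the max-age value are constructed for the illustration.

```ruby
# Illustrative sketch of Rack::SSL-style behaviour; not the gem's own code.
class ForceSSLSketch
  HSTS = "max-age=31536000" # value chosen for this sketch

  def initialize(app)
    @app = app
  end

  def call(env)
    unless env["rack.url_scheme"] == "https"
      # Plain-HTTP request: redirect before the app or any cookie code runs.
      return [301, { "Location" => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
    end
    status, headers, body = @app.call(env)
    headers = headers.merge("Strict-Transport-Security" => HSTS)
    if headers["Set-Cookie"]
      # Append the secure attribute to every cookie the inner layers wrote.
      headers["Set-Cookie"] = headers["Set-Cookie"].split("\n").map do |c|
        c =~ /;\s*secure\s*(;|$)/i ? c : "#{c}; secure"
      end.join("\n")
    end
    [status, headers, body]
  end
end

# Constructed session cookie, standing in for what the cookie layer would
# emit when the store itself was NOT configured with :secure => true.
COOKIE = "_yourapp_secure_session=abc123; path=/; HttpOnly"

def request(app, scheme)
  app.call("rack.url_scheme" => scheme, "HTTP_HOST" => "example.test", "PATH_INFO" => "/users/sign_in")
end

# SSL layer outside the cookie writer: the cookie passes through it on the way out.
OUTSIDE = ForceSSLSketch.new(->(_env) { [200, { "Set-Cookie" => COOKIE }, ["ok"]] })

# SSL layer inside the cookie writer: the cookie is added after the SSL layer
# has already returned, so nothing flags it.
INSIDE = lambda do |env|
  status, headers, body = ForceSSLSketch.new(->(_env) { [200, {}, ["ok"]] }).call(env)
  headers = headers.merge("Set-Cookie" => COOKIE) if status == 200
  [status, headers, body]
end

if __FILE__ == $0
  puts "outside: #{request(OUTSIDE, 'https')[1]['Set-Cookie']}"
  puts "inside:  #{request(INSIDE, 'https')[1]['Set-Cookie']}"
end
```

With the wrong ordering, only the explicit `:secure => true` in the session store and Devise cookie options keeps the cookie off plain HTTP, which is what the "just for good measure" settings above protect against.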