Skip to content

spllr/rack-secure_only

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

58 Commits
lib
lib
 
 
spec
spec
 
 
.document
.document
 
 
.gitignore
.gitignore
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
VERSION
VERSION
 
 
rack-secure_only.gemspec
rack-secure_only.gemspec
 
 

Repository files navigation

rack-secure_only

SecureOnly will redirect to https if the request is on http.

When passed :secure => false it will do the opposite and redirect https to http.

The check if the current request is on https includes checking the HTTP_X_FORWARDED_PROTO header. This means the redirect will also work on heroku.com

This can be disabled by setting the :use_http_x_forwarded_proto option to false.

Installation

sudo gem install rack-secure_only

Usage

require 'rack-secure_only'

app = Rack::Builder.new do      
  map '/secure' do
    use Rack::SecureOnly
    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
  end

  map '/notsecure' do
    use Rack::SecureOnly, :secure => false
    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["NON SECURE APP"]] }
  end

  map '/secure_without_http_x_forwarded_proto_check' do
    use Rack::SecureOnly, :use_http_x_forwarded_proto => false
    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
  end

  map '/secure_with_fixed_redirect_url' do
    use Rack::SecureOnly, :redirect_to => "https://my.site.org/login"
    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
  end

  map '/secure_with_an_if_condition' do
    use Rack::SecureOnly, :if => ENV['RACK_ENV'] == 'production'
    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
  end

  map '/secure_with_an_if_condition_block' do
    use Rack::SecureOnly, :if => Proc.new { |request| request.params.key?('secure_thing') }
    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["APP"]] }
  end
end

run app

This will redirect all requests to /secure to https and all requests to /notsecure to http.

Rack::Request

When rack-secure_only is required the Rack::Request will be extended with some convenience methods to determine if the current request is http or https

require 'rack-secure_only'

run lambda { |env| 
  req = Request.new(env)
  
  res_body = ""
  
  if req.https?
    res_body = "You just made a request on https"
  elsif req.http?
    res_body = "You just made a request on http"
  elsif req.https?(false) # do not check the HTTP_X_FORWARDED_PROTO header
    res_body = "You just made a request on a url with scheme https"  
  elsif req.http?(false) # do not check the HTTP_X_FORWARDED_PROTO header
    res_body = "You just made a request on a url with scheme http, I did not check the HTTP_X_FORWARDED_PROTO header"
  end
  
  res_body << " and the HTTP_X_FORWARDED_PROTO header was set to" + req.forwarded_proto
  
  [200, { 'Content-Type' => 'text/plain' }, res_body]
}

Note on Patches/Pull Requests

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it. This is important so I don't break it in a future version unintentionally.
  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  • Send me a pull request. Bonus points for topic branches.

Copyright

Copyright (c) 2010 Klaas Speller. See LICENSE for details.

About

Redirect http to https and the other way around

rubygems.org/gems/rack-secure_only

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

7 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages