redirect to 'www' before force_ssl

Question

I\'m moving an app to heroku and am having some issues with ssl and redirects.

I\'m on rails 3.1 and I\'ve tried forcing ssl with middleware in the environments producti

Answer 1

You should be able to do this by running a rack redirect before the force_ssl middleware.

This post shows you how to do it.

http://blog.dynamic50.com/2011/02/22/redirect-all-requests-for-www-to-root-domain-with-heroku/

Hope this helps.

Answer 2

Since your 301 is being sent by the application, and the request can't even reach the application before hitting the middleware (on which rack-ssl runs), your only solutions are to change the middleware or to do the redirect before it even hits the middleware.

For the latter, you'd have to poke around Heroku. I don't use it myself. On a VPS deployment, you'd just add the redirect on your forward-facing web server (Apache, nginx) before it even hit the middleware. This seems like a common case, so I imagine Heroku might have something there for you.

For the former, it shouldn't be hard. The rack-ssl middleware is very, very simple, and it shouldn't be hard to monkeypatch it to suit your needs.

https://github.com/josh/rack-ssl/blob/master/lib/rack/ssl.rb#L58

I imagine that something like url.host = "www.myhost.com" might be what you'd want (although you can probably tell there are probably more FQDN-agnostic ways to do it).

Answer 3

Here is how I solved the problem. I removed config.force_ssl = true from production.rb and instead used:

Add this method to ApplicationController

  def force_ssl
    if Rails.env.production?
      redirect_to :protocol => 'https' unless request.ssl?
    end
  end  

And add it as a before filter on ApplicationController

before_filter :force_ssl

I am also using a ensure_domain which switches from http://example.com to http://www.example.com. Make sure such a before filter is called before force_ssl.