Skip to content

How To: Use SSL (HTTPS)

Jump to bottom Edit New page
rickygu edited this page Apr 4, 2012 · 5 revisions

The examples below only show how to make devise views into SSL. Since Rails uses a cookie for it's sessions, it is recommended that the entire website should use SSL for security reasons.

Using the SSL Requirement plugin:

For Devise 1.0, one way to do sign_in over SSL is:

# in app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  include SslRequirement

  ...
end

# in config/environment.rb
config.to_prepare do
  SessionsController.ssl_required :new, :create
  RegistrationsController.ssl_required :new, :create
end

Devise 1.1 you need to do at the bottom:

Devise::SessionsController.ssl_required :new, :create

If the code above just requires ssl on the first request in development, you may need to move the last line to a config.to_prepare block inside config/application.rb or config/environment.rb:

config.to_prepare { SessionsController.ssl_required :new, :create }

Rails 3.1 no longer needs the ssl_requirement gem. Just place this in your environment file:

#in config/environments/production.rb
config.to_prepare { Devise::SessionsController.force_ssl }
config.to_prepare { Devise::RegistrationsController.force_ssl }

And make sure to enable SSL on the server (Nginx, Apache, etc.). If the servers are not configured properly, Rails will not recognize the request as SSL (even if it is), and cause an infinite redirect loop.

Add a custom footer
Add a custom sidebar
Clone this wiki locally