ssl_requirement ãæ¹é ãã¦ãhttps => http ã®ç»é¢é·ç§»ã§ãã©ã¦ã¶ã®è¦åããªãã
Rails ä½è
ã® David Heinemeier Hansson 謹製ãã©ã°ã¤ã³ ssl_requirement ã¯å®ã«ããã§ãã¦ãããããã40è¡ã®ã³ã¼ããã ããhttp 㨠https ã®åãæ¿ããå®ç§ã«ãã£ã¦ãããã
ruby script/plugin install http://dev.rubyonrails.org/svn/rails/plugins/ssl_requirement/
ã§ã¤ã³ã¹ãã¼ã«ã§ããã
ããããªããå··ã§ã¯ããããªãã¨ã話é¡ã«ãªã£ã¦ãããããã
HTTPSの認証ページから認証後、HTTPのページへセキュリティーの警告無しにリダイレクトする方法
ç§ã«ã¨ã£ã¦ã¯æ£ç´ãã©ãã§ããããã¨ã ãã人ã«ãã£ã¦ã¯ããã®è¦åã«ææãæããã®ãããããªãããããã ssl_requirement ã¯æ£ããä½æ³ã«å¾ã£ã¦ã302 Redirect 㧠https => http ã®ç»é¢é·ç§»ãè¡ãããããã£ã¦ãã»ãã¥ãªãã£ã¼è¦åãåºãã¯ãã§ãããï¼åºãã¯ããã¨ããã®ã¯ãç§ã®ã¨ããã§ãªããè¦åãåºã¦ãããªãã®ã ãWEBrick on SSL ã使ã£ã¦ãããããï¼ï¼ä¸è¨ã®ãµã¤ãã«ããã°ãJavascript 㧠location.href ã«é·ç§»å URL ãæå®ãã¦ãªãã¤ã¬ã¯ãããã°ãä¾ã®è¦åãåé¿ã§ããã¨ããã
ããã§ãssl_requirement ã使ã£ã¦ããªããã¤ãã»ãã¥ãªãã£è¦åãåé¿ããæ¹æ³ãèãã¦ã¿ããRAILS_ROOT/controllers/application.rb ã«ä¸è¨ã®ãããªã³ã¼ãã追å ããã
# Filters added to this controller apply to all controllers in the application. # Likewise, all the methods added will be available for all controllers. class ApplicationController < ActionController::Base # Pick a unique cookie name to distinguish our session data from others' session :session_key => '_ssl_test_session_id' include SslRequirement end module SslRequirement def ensure_proper_protocol return true if ssl_allowed? if ssl_required? && !request.ssl? redirect_with_javascript(:https, request) return false elsif request.ssl? && !ssl_required? redirect_with_javascript(:http, request) return false end end def redirect_with_javascript(protocol, request) url = "#{protocol.to_s}://#{request.host}#{request.request_uri}" render :text => <<-EOS <html> <head> <meta http-equiv="refresh" content="0; url=#{url}"> <script type="text/javascript"> location.href = "#{url}"; </script> </head> <body /> </html> EOS end end
ãã©ã°ã¤ã³èªä½ãã£ã40è¡ãªã®ã§ããã使ããããªãããã©ã°ã¤ã³èªä½ãæ¹é ãã¦ãã¾ã£ãã»ãããããããããªããRAILS_ROOT/vendor/plugin/ssl_requirement/lib/ssl_requirement.rb ãéãã¦ãensure_proper_protocol ãç½®ãæããredirect_to_url ã追å ããã° OKãããããå ´åã£ã¦ã©ãããããããã ãããªï¼ãã©ã°ã¤ã³ã®åãä¿®æ£ãããã©ã°ã¤ã³ã¨ããã®ã¯ãã¼ãã®é çªã®é¢ä¿ä¸ãé£ããããããããã«ãããä»å㯠DHH æ§ã®ç¾ããã³ã¼ããæ±ãæ°ã«ãªããªãã£ãã®ã§ãä¸ã®ãããªã½ãªã¥ã¼ã·ã§ã³ãææ¡ãããã¾ãé©å½ã«ãã£ã¦ãã ããã