3

I'd like to create a user in my ember app and send the info over to the server using SSL. I'm not sure how to do this. Can I just set the url of my model to an https address? From what I'm reading about SSL, it's against Javascript's same origin policy to use SSL with the ajax function.

Maybe I'm missing something simple, but I wasn't able to find this in the documentation or in any other questions here.

Community
  • 1
  • 1
mehulkar
  • 4,895
  • 5
  • 35
  • 55

1 Answers1

1

Maybe I am missing something simple

It will be really simple if you just serve everything via SSL. Ember will use the request's protocol and domain to construct an API url for your models, so if the page itself is requested via SSL then your API requests will be as well.

Is this practical?

Yes. Since you are looking to create users I assume you'd be authenticating them as well. Any application (ember/rails/php/whatever) that is creating/authenticating users should use only SSL. If instead you just use SSL for login and then pass a session cookie unencrypted, that cookie can be stolen via a man-in-the-middle attack. See this stack-overflow answer for detail: https://stackoverflow.com/a/11715508/983357

Community
  • 1
  • 1
Mike Grassotti
  • 19,040
  • 3
  • 59
  • 57
  • Is this practical? I'm looking at [rack-ssl-enforcer](https://github.com/tobmatth/rack-ssl-enforcer) for Rails. – mehulkar Jan 21 '13 at 09:40
  • It's practical, but of course not right for every application. I've not used rack-ssl-enforcer in past but it seems a solid choice. You may not need it if forcing SSL for everything, in that case can try this approach: http://www.simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/ – Mike Grassotti Jan 21 '13 at 18:14