setting up ssl on devise

Question

I'd like to require ssl authentication for the user resource on devise. I was expecting that to be as simple as it is in rails, like:

  devise_for :users, :constraints => { :protocol => "https" }

Also, I couldn't find any documentation on devise's github, though I've found some dead links pointing to it at the google groups.

Does anybody has a hint on how to get it working easily? I thought I'd be simple, given the popularity of the plugin

score 15 · Accepted Answer · answered Jan 24 '11 at 23:14

15

:constraints won't work as option, but this probably will:

constraints :protocol => "https" do
  devise_for :users
end

answered Jan 24 '11 at 23:14

José Valim

50,409
12
130
115

I changed my devise to use this and it didn't work. I got `No route matches [DELETE] "/users/sign_out"` – jcollum Feb 29 '12 at 01:52
2

I had a problem with signing out too, so here's an answer that could help others. Basically, the problem was that `DELETE "/sign-out"` (with http) was redirected to `GET "/sign-out" (https)`. So I replaced my `sign_out_path` by `sign_out_url(protocol: "https")`, and now it works fine. I actually overrode sign_out_url to always set the protocol. – Robin Apr 05 '12 at 21:33

score 7 · Answer 2 · edited Feb 29 '12 at 01:53

7

Integrate SSL Requirement into your app and using Devise. The answer didn't work but this did for me, especially since I was using SSL Requirement already.

edited Feb 29 '12 at 01:53

jcollum

43,623
55
191
321

answered Feb 11 '11 at 15:20

pjammer

9,489
5
46
56

You are right, I didn't check the answer correctly back then, and didn't update here. Did you get the redirection between ssl routes and regular routes to work? – Thiago Feb 11 '11 at 15:36
I had mine working before, but now you are scaring me... I literally just implemented it but started coding somewhere else. I can check. gulp... – pjammer Feb 11 '11 at 15:47
The article linked to worked for my Rails 3 app using: config.to_prepare { Devise::SessionsController.ssl_required :new, :create } in my application.rb file. – DownChapel Apr 24 '11 at 21:15

score 2 · Answer 3 · answered Jan 21 '11 at 18:24

2

I suggest using Rack::SSL, maybe with Rack::SslEnforcer for more configuration options.

answered Jan 21 '11 at 18:24

Andy Lindeman

12,087
4
35
36

setting up ssl on devise

3 Answers3

Linked