Running the whole site under https is a solution, but they asked me to 'protect' only a couple of controllers. I am not using a gem, I am using this in ApplicationController<div><br></div><div><div> def require_ssl</div>
<div> unless Rails.env == 'development'</div><div> redirect_to :protocol => "https://" unless (request.ssl?)</div><div> end</div><div> end</div><div><br></div><div>Then I can force https where I want. Last part of your mail made me think that I might have misconfigured Apache, so it could hit the staging site using http and the production site when using https. I will have a look, that is the only possible cause I could think about.</div>
<br><div class="gmail_quote">On 4 April 2012 18:02, javier ramirez <span dir="ltr"><<a href="mailto:jramirez@aspgems.com">jramirez@aspgems.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<div text="#000000" bgcolor="#ffffff">
Hi,<br>
<br>
Rails doesn't know anything about your request being secure or not.
If your application is working fine without SSL, it should be
working fine with it too. Maybe you have installed some gem or rack
middleware to deal with https and it's acting funny?<br>
<br>
For my rails apps to run over SSL all I do is marking the cookie as
secure only (not really necessary, but I prefer it that way) then I
configure the web server to redirect all the http traffic to https.
I have used some gems in past projects to allow for some sections to
respond to http and some sections to https only, but then I decided
it was easier (and it made much more sense from a safety point of
view) to run the whole site under SSL. From the rails point of view,
all requests are the same once they reach the dispatcher, no matter
the URI scheme.<div class="im"><br>
<br>
<blockquote type="cite">
<div><br>
</div>
<div>My app is responding to HTTPS requests, so Apache and
Passenger send the request to the app.<br>
</div>
</blockquote>
<br></div>
So you are calling some actions via https and you are getting a
valid response generated by your application but not seeing any
activity in the logs? <br>
<br>
Unless you have some weird gem causing that, it would look as if you
were not hitting the instance of your app you are checking the log
for. It wouldn't be the first time I try to see in the development
log something when running on production or testing environments, or
even trying to check on my local log something running on staging.<div class="im"><br>
<br>
cheers,<br>
<br>
j<br>
<br>
<div>-- <br>
<p>javier ramírez</p>
<p> ..i do ruby on rails development in madrid, spain, at <a href="http://www.aspgems.com" target="_blank">http://www.aspgems.com</a>
</p>
<p> <a href="http://javier-ramirez.com" title="javier ramirez" target="_blank">javier
ramirez's home page (http://javier-ramirez.com)</a><br>
<a href="http://formatinternet.com" title="format internet :
ruby on rails blog by javier ramirez" target="_blank">javier ramirez's blog
(http://formatinternet.com)</a><br>
</p>
</div>
</div></div>
<br>_______________________________________________<br>
Chat mailing list<br>
<a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
<a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Riccardo Tacconi<br>Ruby on Rails and PHP development - System Administration<br>VIRTUELOGIC LIMITED<br><br><a href="http://github.com/rtacconi" target="_blank">http://github.com/rtacconi</a><br>
<a href="http://riccardotacconi.blogspot.com" target="_blank">http://riccardotacconi.blogspot.com</a><br><a href="http://twitter.com/rtacconi" target="_blank">http://twitter.com/rtacconi</a><br>
</div>