I have a Heroku e-commerce site I’m building, and have the Piggyback ssl installed by following the Heroku Piggyback tutorial. I’m planning to upgrade to SNI or host-name SSL after sales come in to support it.
I can’t find any tutorials or examples of best way to handle where the SSL is integrated for the processing (just checkout I believe).
Are there any tutorials, or process workflows to setup a controller and view to abstract for handling the actual checkout experience, and redirecting confirmation or failure when using the piggyback ssl on Heroku? And keep in mind upgrading the system in the future for upgraded SSL (using SNI or Hostname SSL)?
The best explanation I found was from this question, but it wasn’t a walk-through, tutorial, or real explanation explain how to solve the url creation for links on the Piggybacked url (appname.heroku.com). I was looking for more detail in implementation.
Piggyback SSL is identical to regular SSL, except for the fact that only heroku.com or herokuapp.com domains (dependant on your stack) are secured by the cert that you have setup for you.
In order to run a page securely, just run it over HTTPS.
However, with Rails you have the option of using the SSL_requirement plugin from DHH which lets you tell rails which controller actions MUST be handled securely, and which are fair game for HTTP. By using SSL requirement you can forget in your routing about SSL as SSL_requirement will take care of it for you.