Home/ Questions/Q 6782901
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T16:47:58+00:00

I have the following route: resources :widgets do resources :orders end so that a

  • 0

I have the following route:

resources :widgets do
  resources :orders
end

so that a request, e.g. to /widgets/1/orders/new goes to OrderController, which can access params[:widget_id] to know which widget is being purchased.

The problem is this: I use force_ssl in OrderController. This is causing requests for:

http://www.example.com/widgets/1/orders/new

to be redirected (302) to:

https://www.example.com/

In other words, force_ssl is doing its job (redirecting to https protocol version of URL), but is destroying the parameters specified by the dynamic segment of the route in the process. How can I prevent this from happening (preferable) or work around it in the least offensive way?

Note that this is hosted on Heroku, and so e.g. an Apache redirect won’t work for me.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I believe the default behavior of force_ssl is to pass parameters from the non-secure connection to the secure connection. If this is not the behaviour you want, you could try to override the force_ssl function by adding an initializer like that:

    #
# Pass parameters in SSL redirects
#
module ActionController
  module ForceSSL
    module ClassMethods
      def force_ssl(options = {})
        host = options.delete(:host)
        before_filter(options) do
          if !request.ssl? && !Rails.env.development?

            secure_params = request.params.clone
            [:only, :except, :protocol, :status, :host].each {|s| secure_params.delete(s)}

            redirect_options = {:protocol => 'https://', :status => :moved_permanently}
            redirect_options.merge!(:host => host) if host
            redirect_to redirect_options.merge(secure_params)
          end
        end

      end
    end
  end
end
    • 0