I want to protect the login form of my Rails application using HTTPS. After

Question

0

Asked: May 12, 20262026-05-12T14:50:45+00:00 2026-05-12T14:50:45+00:00

I want to protect the login form of my Rails application using HTTPS. After

0

I want to protect the login form of my Rails application using HTTPS. After a bit of a uphill struggle I now have the SSL certificate installed and Apache/Passenger set up correctly.

My application uses SSL Requirement and RESTful Authentication in combination for the login form. I’ve noticed using Firebug that the login credentials are still sent in the clear. How can I make the Rails form_tag helper submit the form over HTTPS? I couldn’t see anything about this in the docs.

EDIT: I did some more research and edited my routes file so that the session controller uses HTTPS:

map.resource :session, :controller => 'session',
                       :only => [:new, :create, :destroy],
                       :requirements => { :protocol => 'https' }

I also changed the login form to use session_url instead of session_path:

<% form_tag session_url do %>
  .
  .
  .
<% end %>

—This is correctly using a full https:// URL as the action for the generated form element, but I can still sniff the user name and password using Firebug. What’s going on?!

Thanks.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-12T14:50:45+00:00

Editorial Team

2026-05-12T14:50:45+00:00Added an answer on May 12, 2026 at 2:50 pm

Since Firebug is an extension inside Firefox it probably sees the request data before it gets encrypted. If you want to test this properly you should use a tool outside of Firefox.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I want to protect the login form of my Rails application using HTTPS. After

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply