Class: ForceSslMiddleware

Inherits:
Object
  • Object
show all
Defined in:
lib/force_ssl_middleware.rb,
lib/force_ssl_middleware/version.rb

Overview

Constant Summary collapse

YEAR =
31536000
VERSION =
"0.1.0"

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, options = {}) ⇒ ForceSslMiddleware

Returns a new instance of ForceSslMiddleware.


10
11
12
13
14
15
16
17
18
19
20
21
22
# File 'lib/force_ssl_middleware.rb', line 10

def initialize(app, options = {})
  @app = app

  @hsts = options.fetch(:hsts, {})
  @hsts = {} if @hsts == true
  @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts

  @host = options[:host]
  @port = options[:port]

  @excluded_paths = options[:excluded_paths]
  validate_excluded_paths
end

Class Method Details

.default_hsts_optionsObject


6
7
8
# File 'lib/force_ssl_middleware.rb', line 6

def self.default_hsts_options
  { :expires => YEAR, :subdomains => false }
end

Instance Method Details

#call(env) ⇒ Object


24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/force_ssl_middleware.rb', line 24

def call(env)
  request = ActionDispatch::Request.new(env)

  if excluded_path?(request.fullpath)
    @app.call(env)
  else
    if request.ssl?
      status, headers, body = @app.call(env)
      headers.reverse_merge!(hsts_headers)
      flag_cookies_as_secure!(headers)
      [status, headers, body]
    else
      redirect_to_https(request)
    end
  end
end