Class: ForceSslMiddleware

Inherits:

Object

• Object
• ForceSslMiddleware

Defined in:

lib/force_ssl_middleware.rb,
lib/force_ssl_middleware/version.rb

Overview

copied from Rails github.com/rails/rails/blob/2468b161a6ada171cceeddaf418b540eb98f2d55/actionpack/lib/action_dispatch/middleware/ssl.rb#L9 Add support for excluded_paths

Constant Summary

YEAR =

31536000

VERSION =

"0.1.0"

Class Method Summary

• .default_hsts_options ⇒ Object

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app, options = {}) ⇒ ForceSslMiddleware constructor

  A new instance of ForceSslMiddleware.

Constructor Details

#initialize(app, options = {}) ⇒ ForceSslMiddleware

Returns a new instance of ForceSslMiddleware.

# File 'lib/force_ssl_middleware.rb', line 10

def initialize(app, options = {})
  @app = app

  @hsts = options.fetch(:hsts, {})
  @hsts = {} if @hsts == true
  @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts

  @host = options[:host]
  @port = options[:port]

  @excluded_paths = options[:excluded_paths]
  validate_excluded_paths
end

Class Method Details

.default_hsts_options ⇒ Object

# File 'lib/force_ssl_middleware.rb', line 6

def self.default_hsts_options
  { :expires => YEAR, :subdomains => false }
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/force_ssl_middleware.rb', line 24

def call(env)
  request = ActionDispatch::Request.new(env)

  if excluded_path?(request.fullpath)
    @app.call(env)
  else
    if request.ssl?
      status, headers, body = @app.call(env)
      headers.reverse_merge!(hsts_headers)
      flag_cookies_as_secure!(headers)
      [status, headers, body]
    else
      redirect_to_https(request)
    end
  end
end