Module: Roda::RodaPlugins::RedirectHttpToHttps

Defined in:

lib/roda/plugins/redirect_http_to_https.rb

Overview

The redirect_http_to_https plugin exposes a redirect_http_to_https request method that redirects HTTP requests to HTTPS, helping to ensure that future requests by the same browser will be submitted securely.

You should use this plugin if you have an application that can receive requests using both HTTP and HTTPS, and you want to make sure that all or a subset of routes are only handled for HTTPS requests.

The reason this exposes a request method is so that you can choose where in your routing tree to do the redirection:

route do |r|
  # routes available via both HTTP and HTTPS
  r.redirect_http_to_https
  # routes available only via HTTPS
end

If you want to redirect to HTTPS for all routes in the routing tree, you can have this as the very first method call in the routing tree. Note that in Roda it is possible to handle routing before the normal routing tree using before hooks. The static_routing and heartbeat plugins use this feature. If you would like to handle routes before the normal routing tree, you can setup a before hook:

plugin :hooks

before do
  request.redirect_http_to_https
end

Defined Under Namespace

Modules: RequestMethods

Class Method Summary

• .configure(app, opts = OPTS) ⇒ Object

  Configures redirection from HTTP to HTTPS.

Class Method Details

.configure(app, opts = OPTS) ⇒ Object

Configures redirection from HTTP to HTTPS. Available options:

:body

The body used in the redirect. If not set, uses an empty body.

:headers

Any additional headers used in the redirect response. By default, no additional headers are set, the only header used is the Location header.

:host

The host to redirect to. If not set, redirects to the same host as the HTTP requested to. It is highly recommended that you set this if requests with arbitrary Host headers can be submitted to the application.

:port

The port to use in the redirect. By default, will not set an explicit port, so that it will implicitly use the HTTPS default port of 443.

:status_map

A hash mapping request methods to response status codes. By default, uses a hash that redirects GET and HEAD requests with a 301 status, and other request methods with a 307 status.

# File 'lib/roda/plugins/redirect_http_to_https.rb', line 55

def self.configure(app, opts=OPTS)
  previous = app.opts[:redirect_http_to_https] || DEFAULTS
  opts = app.opts[:redirect_http_to_https] = previous.merge(opts)
  opts[:port_string] = opts[:port] ? ":#{opts[:port]}".freeze : "".freeze
  opts[:prefix] = opts[:host] ? "https://#{opts[:host]}#{opts[:port_string]}".freeze : nil
  opts.freeze
end