[merb] Re: merb-auth-slice-password need to force https

Wed, 10 Dec 2008 05:48:23 -0800 

On Wed, Dec 10, 2008 at 9:21 PM, Jon Hancock <[EMAIL PROTECTED]> wrote:

>
> In slices/merb-auth-slice-password/app/controllers/sessions.rb
> I added:
>
> before :require_ssl
>
>  def require_ssl
>      throw :halt, proc { redirect "https://#{request.host}#
> {request.uri}" } unless request.ssl?
>  end
>
>
> This behavior works in my main Application controller just fine.
> However its not working here.
>
> This problem also begs two other things:
> 1 - shouldn't https redirect be a default setting for something like
> loging in?  I realize it blows for just using mongrel without an https
> proxy in front, so needs to have setting to turn it off for dev mode
> folks that use mongrel without anything in front.


You make good points as usual.  How would you see something like this
implemented?

Basically what I believe is going on is that the before filters on the slice
are applied before your monkey patched version in
slices/merb-auth-slice-password....  so that they are then executed after.
So... we could indeed have some kind of configuration setting, _or_ we can
apply the filters in an after_app_loads block... I'm not sure I like either
of those :(  Got any thoughts?


>
> 2 - there have been several cases with the auth slice where the fact
> that it does not inherit from my main Application controller causes me
> to copy/paste controller and helper code special just for the slice.
> I think this is a general issue for slice behaviors.


It's a general thing for slices...  The global helper should be included,
and you can also include other helpers from your app into them to prevent
code duplication.

Churs
Daniel


>
>
> thanks, Jon
> http://shellshadow.com
>
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"merb" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/merb?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to