Snippet #689

Created 11/30/2010, updated 5/18/2017

This post suggests that you enforce an "SSL-all-the-time" approach at the application level, using a gem. Personally, I think that's the wrong level. I think a much more appropriate boundary is at the front end; for example, at the nginx level, use rewrite rules and redirects to ensure that non-SSL traffic never even touches your Rails app.

← Snippet #690
Snippet #688 →

All snippets