Is there a way to combine mutiple only, multiple ignore with strict

Question

Is there a way to combine mutiple only, multiple ignore with strict

akashkamboj opened this issue 11 years ago · 6 comments

Hey

I have a site where users, settings pages required SSL, rest pages I don't want to run on SSL. both the pages shows some images. So I want assets, system directory to ignore SSL, this is the config I tried with no luck:

config.middleware.use Rack::SslEnforcer, only: ['/users/', '/settings/'], ignore:  ['/assets/', '/system/'], strict: true

Is this scenario possible with rack-ssl-enforcer?

Answer 1 · 2014-03-17T07:10:10.000Z

Hey,

strict forces every non matching constraint to http, so this:
config.middleware.use Rack::SslEnforcer, only: ['/users/', '/settings/'], strict: true
should force your users and settings paths to SSL, while everything else will be forced to http...

Answer 2 · 2014-03-17T07:12:38.000Z

Isn't there a way to ignore assets, system with strict on?

Answer 3 · 2014-03-17T07:15:44.000Z

Basically i see no reason why

config.middleware.use Rack::SslEnforcer, only: ['/users/', '/settings/'], ignore: ['/assets/', '/system/'], strict: true

wouldn't work. Could you provide a failing test case?

Answer 4 · 2014-03-17T07:24:16.000Z

what's the difference in above and this:

config.middleware.use Rack::SslEnforcer, only: [%r{^/users}, %r{^/settings}], ignore: [%r{^/assets}, %r{^/system}], strict: true

because this seems working fine :)

Answer 5 · 2014-03-17T07:27:21.000Z

Another issue is regarding only_hosts and only combination.

On another thought actually i have an opened issue for that, lemme discuss that there. Closing this.

Answer 6 · 2014-03-17T07:27:26.000Z

Meh,

sorry i always forget why i never liked the string constraints: '/users/' will extactly match /users/, not /users/john or anything else...