Awkwardly, I just emailed out links to pay for Rebuilding Rails with “http://” in front. Like, not “https://”.

Not so good. I was immediately called on it by one of my list subscribers, using my own words! Can I just say how much I love you guys for actually paying attention? People on my mailing list rule.

I considered emailing out an abject apology and hoping I never did it again, until it hit me…

“Hey, wait! I should never allow insecure links to that from anybody. Can’t I just force it https?”

Yup. Here’s what I used:

1
2
3
if(window.location.protocol != 'https:') {
  location.href = location.href.replace("http://", "https://");
}

That’s not as good as redirecting to https directly in NGinX, which I may also do. But it’s a great quick fix, and it makes sure that the mistake will be fixed if it happens again.

Free Email Rails Class? Free Chapters? News?

* indicates required
You'll hear about Ruby on Rails internals, database migrations and whatever Rails programmers can benefit from.

Comments