I wanted to have all traffic on a site go through https. Since the site was on heroku. @env['rack.url_scheme'])=='https' wasn’t a sufficient way of detecting if on https. You need to also check (@env['HTTP_X_FORWARDED_PROTO'].

Below I wrote a simple before filter which you could place in the production configuration. After talking with the author of rack-ssl-enforcer I got that patched to work on heroku as well. So that is an even simpler option.

Anyways, I spent far to long googling sinatra https, sinatra ssl, sinatra over https, sinatra secure, and heroku https, and couldn’t find good pages on this for awhile. So here is the info for anyone else wanted to host secure Sinatra pages on heroku.

      <script src="http://gist.github.com/512887.js?file=sinatra_https_redirect.rb"> </script>


blog comments powered by Disqus
Dan Mayer Profile Pic
Welcome to Dan Mayer's development blog. I primary write about Ruby development, distributed teams, and dev/PM process. The archives go back to my first CS classes during college when I was first learning programming. I contribute to a few OSS projects and often work on my own projects, You can find my code on github.

Twitter @danmayer

Github @danmayer