It’s indeed pretty simple in Rails 3. In config/routes.rb
:
MyApplication::Application.routes.draw do
resources :sessions, :constraints => { :protocol => "https" }
end
Or if you need to force SSL for multiple routes:
MyApplication::Application.routes.draw do
scope :constraints => { :protocol => "https" } do
# All your SSL routes.
end
end
And linking to SSL routes can be done like this:
<%= link_to "Logout", sessions_url(:protocol => 'https'), :method => :delete %>
If you wish to automatically redirect some controllers (or actually, some subpaths) to an equivalent https-based URL, you can add something like this to your routes (I wish this part were simpler):
# Redirect /foos and anything starting with /foos/ to https.
match "foos(/*path)", :to => redirect { |_, request|
"https://" + request.host_with_port + request.fullpath }