Is there a way to combine mutiple only, multiple ignore with strict

[akashkamboj]

Hey

I have a site where users, settings pages required SSL, rest pages I don't want to run on SSL. both the pages shows some images. So I want assets, system directory to ignore SSL, this is the config I tried with no luck:

config.middleware.use Rack::SslEnforcer, only: ['/users/', '/settings/'], ignore:  ['/assets/', '/system/'], strict: true

Is this scenario possible with rack-ssl-enforcer?

[tobmatth]

Hey,

strict forces every non matching constraint to http, so this:
config.middleware.use Rack::SslEnforcer, only: ['/users/', '/settings/'], strict: true
should force your users and settings paths to SSL, while everything else will be forced to http...

[akashkamboj]

Isn't there a way to ignore assets, system with strict on?

[tobmatth]

Basically i see no reason why

config.middleware.use Rack::SslEnforcer, only: ['/users/', '/settings/'], ignore: ['/assets/', '/system/'], strict: true

wouldn't work. Could you provide a failing test case?

[akashkamboj]

what's the difference in above and this:

config.middleware.use Rack::SslEnforcer, only: [%r{^/users}, %r{^/settings}], ignore: [%r{^/assets}, %r{^/system}], strict: true

because this seems working fine :)

[akashkamboj]

Another issue is regarding only_hosts and only combination.

On another thought actually i have an opened issue for that, lemme discuss that there. Closing this.

[tobmatth]

Meh,

sorry i always forget why i never liked the string constraints: '/users/' will extactly match /users/, not /users/john or anything else...