On my current project we are hosting our Rails application on Heroku. While this is great in allowing our client to see changes almost immediately, it also means we have a public site which could in theory be accessed by anyone with the correct URL. To alleviate any concerns around this we decided to simply add basic HTTP authentication to the site as a temporary stopgap.

This is really easy to do in Rails – here I’m enabling it only on production (so I don’t have to type in any username or password in development).

class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :basic_http_authentication

  private

  def basic_http_authentication
    if Rails.env.production?
      authenticate_or_request_with_http_basic do |username, password|
        username == 'some_username' && password == 'some_password'
      end
    end
  end
end

Easy! Happy coding.

Share on: Twitter, Facebook, Google+ or use the Permalink