Rails 3: Make sure the user uses https

I have a Rails 3 app running on Heroku and I also have a SSL installed and working. However, my users can still access the site without the https. How do I make sure that all urls are accessed using https?

Thanks

Edit:

I've tried adding this to applicat开发者_如何转开发ion_controller.rb

 before_filter :redirect_to_ssl

  def redirect_to_ssl
      redirect_to url_for params.merge({:protocol => 'https://'})
  end

But I receive a Error 310 (net::ERR_TOO_MANY_REDIRECTS) error.

you may need to check if you are already using ssl... this works for us.

before_filter :redirect_to_ssl
def redirect_to_ssl
    redirect_to :protocol => "https://" unless (request.ssl?)
end

There is a configuration setting you can use in config/production.rb or application.rb for your production environment.

# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true

This served me well on my Rails app without writing extra code.

Here's an answer I posted to a similar question.

Otherwise, you can use Rack::SSL.