Always use HTTPs for the jsapi

[ssaunier]

Hello,

The problem with using request.scheme is that Rails doesn't properly detect if HTTPS is used by the end-user behind a load balancer (HTTPs served by the load balancer, and behind that nginx + rails use HTTP).

I think we should just use HTTPS, the performance hit is not that big and the web is moving foward more security.

[coveralls]

Coverage decreased (-29.22%) when pulling 361fec4621c8e6d651431dc9d939e528c086d17b on ssaunier:always-use-https into 6ad43ba6affda9010badbee9bafde4c821451314 on jeremyolliver:master.

[jeremyolliver]

I think it'll be simpler to just change the URL to //www.google.com/jsapi as another user suggested prior to my implementation. (Browsers allow you to leave off the http: or https: in the protocol, and this means same protocol as the current page).

For what it's worth though. To solve the issue that you're currently seeing. You should be setting the header HTTP_X_FORWARDED_PROTO to https in the config of your proxy (nginx). Rails notices this header and request.ssl? returns true if either the actual request is via https, or if that header is present (indicating that the proxy-client connection is encrypted) (also as used here, request.scheme would return https).

[ssaunier]

Thanks for the feedback @jeremyolliver. I update the PR with the change where the browser choses the scheme. Thanks for the nginx tip, I'll look into that!

[coveralls]

Coverage decreased (-29.0%) when pulling 84f0ba6f5784d8818f539a261cefda6af84728fa on ssaunier:always-use-https into 6ad43ba6affda9010badbee9bafde4c821451314 on jeremyolliver:master.

[jeremyolliver]

Cheers, I'll merge this. The test failures are due to the rails 4 release. Looks like only rails 3.X works for now, I'll have to work on that separately