My cheap solution has been implementing a before_filter to request an HTTP authentication before every action is executed.
This solution works well along other authentication layers – Devise or others.
USERS = { "user" => "secret" }
before_filter :authenticate
def authenticate
authenticate_or_request_with_http_digest("Application") do |name|
USERS[name]
end
end
Whenever other peers land at yourdomain.heroku.com, they are asked for HTTP authentication, later for other authentication if in place.