diff options
| author | Taishi Kasuga <kasuga@livesense.co.jp> | 2016-11-22 14:40:10 +0900 |
|---|---|---|
| committer | Taishi Kasuga <kasuga@livesense.co.jp> | 2016-11-22 14:40:10 +0900 |
| commit | 28f8914962108a9d3147ed01db1f37a493d79d8a (patch) | |
| tree | 6ed15d04290c8bea6f46b04f6917848affa7e639 | |
| parent | 6cd65861e93250159b19eac5b990a100f566e0ff (diff) | |
| download | rails-28f8914962108a9d3147ed01db1f37a493d79d8a.tar.gz rails-28f8914962108a9d3147ed01db1f37a493d79d8a.tar.bz2 rails-28f8914962108a9d3147ed01db1f37a493d79d8a.zip | |
Fix a force ssl redirection bug that occur when session store disabled.
| -rw-r--r-- | actionpack/lib/action_controller/metal/force_ssl.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/force_ssl_test.rb | 24 |
2 files changed, 25 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index b8976497a4..9d43e752ac 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -89,7 +89,7 @@ module ActionController end secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS)) - flash.keep if respond_to?(:flash) + flash.keep if respond_to?(:flash) && request.respond_to?(:flash) redirect_to secure_url, options.slice(*REDIRECT_OPTIONS) end end diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb index 2b3859aa57..af3eedabe2 100644 --- a/actionpack/test/controller/force_ssl_test.rb +++ b/actionpack/test/controller/force_ssl_test.rb @@ -92,6 +92,22 @@ class RedirectToSSL < ForceSSLController end end +class RedirectToSSLIfSessionStoreDisabled < ForceSSLController + def banana + request.class_eval do + alias_method :flash_origin, :flash + undef_method :flash + end + + force_ssl_redirect || render(plain: "monkey") + ensure + request.class_eval do + alias_method :flash, :flash_origin + undef_method :flash_origin + end + end +end + class ForceSSLControllerLevelTest < ActionController::TestCase def test_banana_redirects_to_https get :banana @@ -321,6 +337,14 @@ class RedirectToSSLTest < ActionController::TestCase end end +class RedirectToSSLIfSessionStoreDisabledTest < ActionController::TestCase + def test_banana_redirects_to_https_if_not_https_and_session_store_disabled + get :banana + assert_response 301 + assert_equal "https://test.host/redirect_to_ssl_if_session_store_disabled/banana", redirect_to_url + end +end + class ForceSSLControllerLevelTest < ActionController::TestCase def test_no_redirect_websocket_ssl_request request.env["rack.url_scheme"] = "wss" |