authorMarcin Bunsch and Przemek DÄ…bek <marcin+przemek.dabek@futuresimple.com>2012-01-12 20:31:23 +0100
committerMarcin Bunsch <marcin@futuresimple.com>2012-01-12 20:31:23 +0100
commit321dae5dccded1eff6587582c8f0e0b88ca8303c (patch)
tree5376ad08d11d5c659a11f96896b74b4ecd71afd7
parente927f06b2528bef52087dd12f012c20ab26fb59c (diff)
When force redirecting to SSL, make sure that the session is kept. As we're moving from a non-secure to secure environment, it's safe
-rw-r--r--actionpack/lib/action_controller/metal/force_ssl.rb1
-rw-r--r--actionpack/test/controller/force_ssl_test.rb38
2 files changed, 38 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index 0fd42f9d8a..b45f211e83 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -29,6 +29,7 @@ module ActionController
if !request.ssl? && !Rails.env.development?
redirect_options = {:protocol => 'https://', :status => :moved_permanently}
redirect_options.merge!(:host => host) if host
+ flash.keep
redirect_to redirect_options
end
end
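Review bot: The added `flash.keep` has no comment explaining why an SSL before-filter touches the flash, and the redirect code around it does not make the reason obvious. I would put `# Keep the flash alive across the HTTP -> HTTPS redirect so the retried request can still read it` directly above it. It is also worth confirming that calling `flash` here does not load the session and set a session cookie on the plain-HTTP 301 for visitors who had none; that depends on the session store and is not visible in this hunk. Any value kept this way has already travelled with the unencrypted request, so it should not be treated as confidential after the redirect. The enclosing method starts outside the hunk.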
diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb
index 43b20fdead..125012631e 100644
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -26,6 +26,23 @@ class ForceSSLExceptAction < ForceSSLController
force_ssl :except => :banana
end
+class ForceSSLFlash < ForceSSLController
+ force_ssl :except => [:banana, :set_flash, :use_flash]
+
+ def set_flash
+ flash["that"] = "hello"
+ redirect_to '/force_ssl_flash/cheeseburger'
+ end
+
+ def use_flash
+ @flash_copy = {}.update flash
+ @flashy = flash["that"]
+ render :inline => "hello"
+ end
+
+end
+
+
class ForceSSLControllerLevelTest < ActionController::TestCase
tests ForceSSLControllerLevel
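Review bot: `use_flash` is listed in `force_ssl :except => [...]`, so the action that reads the flash is always served over plain HTTP in this fixture. The new test can therefore show that the flash survives the 301, but not that it is readable on the HTTPS side, which is the case the commit message describes. Consider dropping `:use_flash` from the `:except` list and having the test mark the final request as SSL (for example `@request.env['HTTPS'] = 'on'` before `get :use_flash`), assuming the test request honours that header as it does elsewhere in Rails controller tests. The two trailing blank `+` lines before `class ForceSSLControllerLevelTest` can be reduced to one.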
@@ -50,7 +67,7 @@ class ForceSSLCustomDomainTest < ActionController::TestCase
assert_response 301
assert_equal "https://secure.test.host/force_ssl_custom_domain/banana", redirect_to_url
end
-
+
def test_cheeseburger_redirects_to_https_with_custom_host
get :cheeseburger
assert_response 301
@@ -101,3 +118,22 @@ class ForceSSLExcludeDevelopmentTest < ActionController::TestCase
assert_response 200
end
end
+
+class ForceSSLFlashTest < ActionController::TestCase
+ tests ForceSSLFlash
+
+ def test_cheeseburger_redirects_to_https
+ get :set_flash
+ assert_response 302
+ assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+ get :cheeseburger
+ assert_response 301
+ assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+ get :use_flash
+ assert_equal "hello", assigns["flash_copy"]["that"]
+ assert_equal "hello", assigns["flashy"]
+ end
+
+end
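Review bot: The test name `test_cheeseburger_redirects_to_https` says nothing about the flash, which is the behaviour this test was added to pin; it also duplicates names used by the other ForceSSL test classes in this file. I would rename it to `def test_flash_is_kept_across_https_redirect` and add a one-line comment above the second `get` such as `# the 301 from force_ssl must not sweep the flash set by set_flash`. A follow-up assertion that the flash is gone on a later request would also show that `flash.keep` extends the flash by one request only, not indefinitely.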