diff options
author | Aaron Patterson <aaron.patterson@gmail.com> | 2011-03-29 17:38:43 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2011-03-29 17:38:43 -0700 |
commit | 0471fc9f1cf95865a9810b46f1227783fee40ab5 (patch) | |
tree | 50c6a1990e7b97b7960a692c9441e686cbcb4902 /actionpack/lib/action_controller/metal/force_ssl.rb | |
parent | 28c73f012328c8386acfc608f0dfb1a459dbf170 (diff) | |
parent | 58becf116580c37c63b89f4a660ebe293f6e7c4e (diff) | |
download | rails-0471fc9f1cf95865a9810b46f1227783fee40ab5.tar.gz rails-0471fc9f1cf95865a9810b46f1227783fee40ab5.tar.bz2 rails-0471fc9f1cf95865a9810b46f1227783fee40ab5.zip |
Merge branch 'master' into zomg
* master: (51 commits)
order is not guaranteed by this select, so add an order and call first!
oracle stores this with microseconds, so convert to seconds before comparing
make sure that active connections are not cleared during test when an exception happens
clearing active connections in the ConnectionManagement middleware if an exception happens
proxy body responses so we close database connections after body is flushed
Pass the proper method_name instead of hardcoding to action_name.
Quote find_in_batches ORDER BY clause [#6620 state:resolved]
Delegate first!, last!, any? and many? to scoped
Dont call authenticate_or_request_with_http_basic twice
Remove 'warning: ambiguous first argument' when running ActionPack tests
Change exists? so that it doesn't instantiate records [#6127 state:resolved]
Move mapper_test to the appropriate location
Update the wildcard route to be non-greedy by default, therefore be able to match the (.:format) segment [#6605 state:resolved]
Fix examples
Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]
make sure we have an active database connection before running each connection management test
adding active_connections? to the connection pool for finding open connections
adding active_connection? to the connection pool
testing app delegation from the ConnectionManagement middleware
namespacing connection management tests. :heart:
...
Diffstat (limited to 'actionpack/lib/action_controller/metal/force_ssl.rb')
-rw-r--r-- | actionpack/lib/action_controller/metal/force_ssl.rb | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb new file mode 100644 index 0000000000..eb8ed7dfbd --- /dev/null +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -0,0 +1,35 @@ +module ActionController + # This module provides a method which will redirects browser to use HTTPS + # protocol. This will ensure that user's sensitive information will be + # transferred safely over the internet. You _should_ always force browser + # to use HTTPS when you're transferring sensitive information such as + # user authentication, account information, or credit card information. + # + # Note that if you really concern about your application safety, you might + # consider using +config.force_ssl+ in your configuration config file instead. + # That will ensure all the data transferred via HTTPS protocol and prevent + # user from getting session hijacked when accessing the site under unsecured + # HTTP protocol. + module ForceSSL + extend ActiveSupport::Concern + include AbstractController::Callbacks + + module ClassMethods + # Force the request to this particular controller or specified actions to be + # under HTTPS protocol. + # + # Note that this method will not be effective on development environment. + # + # ==== Options + # * <tt>only</tt> - The callback should be run only for this action + # * <tt>except<tt> - The callback should be run for all actions except this action + def force_ssl(options = {}) + before_filter(options) do + if !request.ssl? && !Rails.env.development? + redirect_to :protocol => 'https://', :status => :moved_permanently + end + end + end + end + end +end
\ No newline at end of file |