diff options
author | Gonçalo Silva <goncalossilva@gmail.com> | 2011-03-28 04:20:49 +0100 |
---|---|---|
committer | Gonçalo Silva <goncalossilva@gmail.com> | 2011-03-28 04:20:49 +0100 |
commit | 6f0caa1a534a065753d51430b649114bc8bf54ac (patch) | |
tree | af9657373436a38ef7828b26a804d1fe12e479ad /actionpack/lib/action_controller | |
parent | 726b7ede54031eecfcee34eec80040553e9ad19f (diff) | |
parent | 245542ea2994961731be105db6c076256a22a7a9 (diff) | |
download | rails-6f0caa1a534a065753d51430b649114bc8bf54ac.tar.gz rails-6f0caa1a534a065753d51430b649114bc8bf54ac.tar.bz2 rails-6f0caa1a534a065753d51430b649114bc8bf54ac.zip |
Merge branch 'master' of https://github.com/rails/rails into performance_test
Diffstat (limited to 'actionpack/lib/action_controller')
-rw-r--r-- | actionpack/lib/action_controller/base.rb | 1 | ||||
-rw-r--r-- | actionpack/lib/action_controller/caching/actions.rb | 13 | ||||
-rw-r--r-- | actionpack/lib/action_controller/metal/force_ssl.rb | 35 |
3 files changed, 42 insertions, 7 deletions
diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 81c0698fb8..e6523e56d2 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -198,6 +198,7 @@ module ActionController Cookies, Flash, RequestForgeryProtection, + ForceSSL, Streaming, RecordIdentifier, HttpAuthentication::Basic::ControllerMethods, diff --git a/actionpack/lib/action_controller/caching/actions.rb b/actionpack/lib/action_controller/caching/actions.rb index 2c8a6e4d4d..5fc6956266 100644 --- a/actionpack/lib/action_controller/caching/actions.rb +++ b/actionpack/lib/action_controller/caching/actions.rb @@ -56,19 +56,18 @@ module ActionController #:nodoc: # # caches_page :public # - # caches_action :index, :if => proc do |c| - # !c.request.format.json? # cache if is not a JSON request + # caches_action :index, :if => proc do + # !request.format.json? # cache if is not a JSON request # end # # caches_action :show, :cache_path => { :project => 1 }, # :expires_in => 1.hour # - # caches_action :feed, :cache_path => proc do |c| - # if c.params[:user_id] - # c.send(:user_list_url, - # c.params[:user_id], c.params[:id]) + # caches_action :feed, :cache_path => proc do + # if params[:user_id] + # user_list_url(params[:user_id, params[:id]) # else - # c.send(:list_url, c.params[:id]) + # list_url(params[:id]) # end # end # end diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb new file mode 100644 index 0000000000..eb8ed7dfbd --- /dev/null +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -0,0 +1,35 @@ +module ActionController + # This module provides a method which will redirects browser to use HTTPS + # protocol. This will ensure that user's sensitive information will be + # transferred safely over the internet. You _should_ always force browser + # to use HTTPS when you're transferring sensitive information such as + # user authentication, account information, or credit card information. + # + # Note that if you really concern about your application safety, you might + # consider using +config.force_ssl+ in your configuration config file instead. + # That will ensure all the data transferred via HTTPS protocol and prevent + # user from getting session hijacked when accessing the site under unsecured + # HTTP protocol. + module ForceSSL + extend ActiveSupport::Concern + include AbstractController::Callbacks + + module ClassMethods + # Force the request to this particular controller or specified actions to be + # under HTTPS protocol. + # + # Note that this method will not be effective on development environment. + # + # ==== Options + # * <tt>only</tt> - The callback should be run only for this action + # * <tt>except<tt> - The callback should be run for all actions except this action + def force_ssl(options = {}) + before_filter(options) do + if !request.ssl? && !Rails.env.development? + redirect_to :protocol => 'https://', :status => :moved_permanently + end + end + end + end + end +end
\ No newline at end of file |