diff options
| author | Kasper Timm Hansen <kaspth@gmail.com> | 2016-03-03 21:09:58 +0100 |
|---|---|---|
| committer | Kasper Timm Hansen <kaspth@gmail.com> | 2016-03-03 21:09:58 +0100 |
| commit | 493313228aab26a7e8a241c1be2a73d52ba60f0d (patch) | |
| tree | fd63756e34a65dce426790ed60f0123be4a0f994 /actionpack | |
| parent | 2ef8a0e2b87a9c4204ee49410b3a107958790b98 (diff) | |
| download | rails-493313228aab26a7e8a241c1be2a73d52ba60f0d.tar.gz rails-493313228aab26a7e8a241c1be2a73d52ba60f0d.tar.bz2 rails-493313228aab26a7e8a241c1be2a73d52ba60f0d.zip | |
Rename constrain_to to exclude.
`ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some.
The `constrain_to` option inverts this, so it sounds like the middleware
only handles a few requests, rather than the majority with a few routes to
opt out of the redirect.
Renaming to `exclude` matches this intent more closely.
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/ssl.rb | 7 | ||||
| -rw-r--r-- | actionpack/test/dispatch/ssl_test.rb | 8 |
2 files changed, 8 insertions, 7 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index cb442af19b..c3f4034ed5 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -37,7 +37,7 @@ module ActionDispatch # # Redirection can be constrained to only whitelisted requests with `constrain_to`: # - # config.ssl_options = { redirect: { constrain_to: -> request { request.path !~ /healthcheck/ } } } + # config.ssl_options = { redirect: { exclude: -> request { request.path =~ /healthcheck/ } } } class SSL # Default to 180 days, the low end for https://www.ssllabs.com/ssltest/ # and greater than the 18-week requirement for browser preload lists. @@ -59,7 +59,8 @@ module ActionDispatch else @redirect = redirect end - @constrain_to = @redirect && @redirect[:constrain_to] || proc { @redirect } + + @exclude = @redirect && @redirect[:exclude] || proc { !@redirect } @secure_cookies = secure_cookies if hsts != true && hsts != false && hsts[:subdomains].nil? @@ -84,7 +85,7 @@ module ActionDispatch flag_cookies_as_secure! headers if @secure_cookies end else - return redirect_to_https request if @constrain_to.call(request) + return redirect_to_https request unless @exclude.call(request) @app.call(env) end end diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index bb2125e485..668b2b6cfe 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -39,11 +39,11 @@ class RedirectSSLTest < SSLTest assert_equal redirect[:body].join, @response.body end - test 'constrain to can avoid redirect' do - constraining = { constrain_to: -> request { request.path !~ /healthcheck/ } } + test 'exclude can avoid redirect' do + excluding = { exclude: -> request { request.path =~ /healthcheck/ } } - assert_not_redirected 'http://example.org/healthcheck', redirect: constraining - assert_redirected from: 'http://example.org/', redirect: constraining + assert_not_redirected 'http://example.org/healthcheck', redirect: excluding + assert_redirected from: 'http://example.org/', redirect: excluding end test 'https is not redirected' do |