diff options
| -rw-r--r-- | actionpack/CHANGELOG.md | 12 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/metal/force_ssl.rb | 17 | ||||
| -rw-r--r-- | actionpack/test/controller/force_ssl_test.rb | 14 |
3 files changed, 27 insertions, 16 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index afd47c858c..caafe4f566 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,5 +1,17 @@ ## Rails 4.0.0 (unreleased) ## +* Don't ignore `force_ssl` in development. This is a change of behavior - use a `:if` condition to recreate the old behavior. + + class AccountsController < ApplicationController + force_ssl :if => :ssl_configured? + + def ssl_configured? + !Rails.env.development? + end + end + + *Pat Allan* + * Adds support for the PATCH verb: * Request objects respond to `patch?`. * Routes have a new `patch` method, and understand `:patch` in the diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index 69e37d8713..6feec9262c 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -18,15 +18,28 @@ module ActionController # Force the request to this particular controller or specified actions to be # under HTTPS protocol. # - # Note that this method will not be effective on development environment. + # If you need to disable this for any reason (e.g. development) then you can use + # an +:if+ or +:unless+ condition. + # + # class AccountsController < ApplicationController + # force_ssl :if => :ssl_configured? + # + # def ssl_configured? + # !Rails.env.development? + # end + # end # # ==== Options # * <tt>only</tt> - The callback should be run only for this action # * <tt>except<tt> - The callback should be run for all actions except this action + # * <tt>if</tt> - A symbol naming an instance method or a proc; the callback + # will be called only when it returns a true value. + # * <tt>unless</tt> - A symbol naming an instance method or a proc; the callback + # will be called only when it returns a false value. def force_ssl(options = {}) host = options.delete(:host) before_filter(options) do - if !request.ssl? && !Rails.env.development? + unless request.ssl? redirect_options = {:protocol => 'https://', :status => :moved_permanently} redirect_options.merge!(:host => host) if host redirect_options.merge!(:params => request.query_parameters) diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb index b681a19fe0..7feeda25b3 100644 --- a/actionpack/test/controller/force_ssl_test.rb +++ b/actionpack/test/controller/force_ssl_test.rb @@ -109,20 +109,6 @@ class ForceSSLExceptActionTest < ActionController::TestCase end end -class ForceSSLExcludeDevelopmentTest < ActionController::TestCase - tests ForceSSLControllerLevel - - def setup - Rails.env.stubs(:development?).returns(false) - end - - def test_development_environment_not_redirects_to_https - Rails.env.stubs(:development?).returns(true) - get :banana - assert_response 200 - end -end - class ForceSSLFlashTest < ActionController::TestCase tests ForceSSLFlash |