diff options
Diffstat (limited to 'actionpack/lib/action_controller/metal/force_ssl.rb')
-rw-r--r-- | actionpack/lib/action_controller/metal/force_ssl.rb | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index eb8ed7dfbd..0fd42f9d8a 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -1,12 +1,12 @@ module ActionController - # This module provides a method which will redirects browser to use HTTPS + # This module provides a method which will redirect browser to use HTTPS # protocol. This will ensure that user's sensitive information will be # transferred safely over the internet. You _should_ always force browser # to use HTTPS when you're transferring sensitive information such as # user authentication, account information, or credit card information. # - # Note that if you really concern about your application safety, you might - # consider using +config.force_ssl+ in your configuration config file instead. + # Note that if you are really concerned about your application security, + # you might consider using +config.force_ssl+ in your config file instead. # That will ensure all the data transferred via HTTPS protocol and prevent # user from getting session hijacked when accessing the site under unsecured # HTTP protocol. @@ -24,12 +24,15 @@ module ActionController # * <tt>only</tt> - The callback should be run only for this action # * <tt>except<tt> - The callback should be run for all actions except this action def force_ssl(options = {}) + host = options.delete(:host) before_filter(options) do if !request.ssl? && !Rails.env.development? - redirect_to :protocol => 'https://', :status => :moved_permanently + redirect_options = {:protocol => 'https://', :status => :moved_permanently} + redirect_options.merge!(:host => host) if host + redirect_to redirect_options end end end end end -end
\ No newline at end of file +end |