1 files changed, 31 insertions, 9 deletions

diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index 69e37d8713..e905a3cf1d 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -18,23 +18,45 @@ module ActionController
       # Force the request to this particular controller or specified actions to be
       # under HTTPS protocol.
       #
-      # Note that this method will not be effective on development environment.
+      # If you need to disable this for any reason (e.g. development) then you can use
+      # an +:if+ or +:unless+ condition.
+      #
+      #     class AccountsController < ApplicationController
+      #       force_ssl :if => :ssl_configured?
+      #
+      #       def ssl_configured?
+      #         !Rails.env.development?
+      #       end
+      #     end
       #
       # ==== Options
+      # * <tt>host</tt>   - Redirect to a different host name
       # * <tt>only</tt>   - The callback should be run only for this action
-      # * <tt>except<tt>  - The callback should be run for all actions except this action
+      # * <tt>except</tt>  - The callback should be run for all actions except this action
+      # * <tt>if</tt>     - A symbol naming an instance method or a proc; the callback
+      #                     will be called only when it returns a true value.
+      # * <tt>unless</tt> - A symbol naming an instance method or a proc; the callback
+      #                     will be called only when it returns a false value.
       def force_ssl(options = {})
         host = options.delete(:host)
         before_filter(options) do
-          if !request.ssl? && !Rails.env.development?
-            redirect_options = {:protocol => 'https://', :status => :moved_permanently}
-            redirect_options.merge!(:host => host) if host
-            redirect_options.merge!(:params => request.query_parameters)
-            flash.keep
-            redirect_to redirect_options
-          end
+          force_ssl_redirect(host)
         end
       end
     end
+
+    # Redirect the existing request to use the HTTPS protocol.
+    #
+    # ==== Parameters
+    # * <tt>host</tt> - Redirect to a different host name
+    def force_ssl_redirect(host = nil)
+      unless request.ssl?
+        redirect_options = {:protocol => 'https://', :status => :moved_permanently}
+        redirect_options.merge!(:host => host) if host
+        redirect_options.merge!(:params => request.query_parameters)
+        flash.keep if respond_to?(:flash)
+        redirect_to redirect_options
+      end
+    end
   end
 end