7 files changed, 71 insertions, 40 deletions

diff --git a/actionpack/lib/action_controller/log_subscriber.rb b/actionpack/lib/action_controller/log_subscriber.rb
index 7318c8b7ec..9279d8bcea 100644
--- a/actionpack/lib/action_controller/log_subscriber.rb
+++ b/actionpack/lib/action_controller/log_subscriber.rb
@@ -33,7 +33,7 @@ module ActionController
     end
 
     def halted_callback(event)
-      info("Filter chain halted as #{event.payload[:filter]} rendered or redirected")
+      info("Filter chain halted as #{event.payload[:filter].inspect} rendered or redirected")
     end
 
     def send_file(event)
diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb
index 143b3e0cbd..b84c9e78c3 100644
--- a/actionpack/lib/action_controller/metal.rb
+++ b/actionpack/lib/action_controller/metal.rb
@@ -36,8 +36,7 @@ module ActionController
       raise "MiddlewareStack#build requires an app" unless app
 
       middlewares.reverse.inject(app) do |a, middleware|
-        middleware.valid?(action) ?
-          middleware.build(a) : a
+        middleware.valid?(action) ? middleware.build(a) : a
       end
     end
   end
@@ -57,7 +56,7 @@ module ActionController
   # And then to route requests to your metal controller, you would add
   # something like this to <tt>config/routes.rb</tt>:
   #
-  #   match 'hello', to: HelloController.action(:index)
+  #   get 'hello', to: HelloController.action(:index)
   #
   # The +action+ method returns a valid Rack application for the \Rails
   # router to dispatch to.
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index f1e8714a86..b8afce42c9 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -1,3 +1,6 @@
+require 'active_support/core_ext/hash/except'
+require 'active_support/core_ext/hash/slice'
+
 module ActionController
   # This module provides a method which will redirect browser to use HTTPS
   # protocol. This will ensure that user's sensitive information will be
@@ -14,6 +17,10 @@ module ActionController
     extend ActiveSupport::Concern
     include AbstractController::Callbacks
 
+    ACTION_OPTIONS = [:only, :except, :if, :unless]
+    URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
+    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
+
     module ClassMethods
       # Force the request to this particular controller or specified actions to be
       # under HTTPS protocol.
@@ -29,18 +36,34 @@ module ActionController
       #       end
       #     end
       #
-      # ==== Options
-      # * <tt>host</tt>   - Redirect to a different host name
-      # * <tt>only</tt>   - The callback should be run only for this action
-      # * <tt>except</tt> - The callback should be run for all actions except this action
-      # * <tt>if</tt>     - A symbol naming an instance method or a proc; the callback
-      #                     will be called only when it returns a true value.
-      # * <tt>unless</tt> - A symbol naming an instance method or a proc; the callback
-      #                     will be called only when it returns a false value.
+      # ==== URL Options
+      # You can pass any of the following options to affect the redirect url
+      # * <tt>host</tt>       - Redirect to a different host name
+      # * <tt>subdomain</tt>  - Redirect to a different subdomain
+      # * <tt>domain</tt>     - Redirect to a different domain
+      # * <tt>port</tt>       - Redirect to a non-standard port
+      # * <tt>path</tt>       - Redirect to a different path
+      #
+      # ==== Redirect Options
+      # You can pass any of the following options to affect the redirect status and response
+      # * <tt>status</tt>     - Redirect with a custom status (default is 301 Moved Permanently)
+      # * <tt>flash</tt>      - Set a flash message when redirecting
+      # * <tt>alert</tt>      - Set a alert message when redirecting
+      # * <tt>notice</tt>     - Set a notice message when redirecting
+      #
+      # ==== Action Options
+      # You can pass any of the following options to affect the before_action callback
+      # * <tt>only</tt>       - The callback should be run only for this action
+      # * <tt>except</tt>     - The callback should be run for all actions except this action
+      # * <tt>if</tt>         - A symbol naming an instance method or a proc; the callback
+      #                         will be called only when it returns a true value.
+      # * <tt>unless</tt>     - A symbol naming an instance method or a proc; the callback
+      #                         will be called only when it returns a false value.
       def force_ssl(options = {})
-        host = options.delete(:host)
-        before_action(options) do
-          force_ssl_redirect(host)
+        action_options = options.slice(*ACTION_OPTIONS)
+        redirect_options = options.except(*ACTION_OPTIONS)
+        before_action(action_options) do
+          force_ssl_redirect(redirect_options)
         end
       end
     end
@@ -48,14 +71,26 @@ module ActionController
     # Redirect the existing request to use the HTTPS protocol.
     #
     # ==== Parameters
-    # * <tt>host</tt> - Redirect to a different host name
-    def force_ssl_redirect(host = nil)
+    # * <tt>host_or_options</tt> - Either a host name or any of the url & redirect options
+    #                              available to the <tt>force_ssl</tt> method.
+    def force_ssl_redirect(host_or_options = nil)
       unless request.ssl?
-        redirect_options = {:protocol => 'https://', :status => :moved_permanently}
-        redirect_options.merge!(:host => host) if host
-        redirect_options.merge!(:params => request.query_parameters)
+        options = {
+          :protocol => 'https://',
+          :host     => request.host,
+          :path     => request.fullpath,
+          :status   => :moved_permanently
+        }
+
+        if host_or_options.is_a?(Hash)
+          options.merge!(host_or_options)
+        elsif host_or_options
+          options.merge!(:host => host_or_options)
+        end
+
+        secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
         flash.keep if respond_to?(:flash)
-        redirect_to redirect_options
+        redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
       end
     end
   end
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index d275a854fd..573c739da4 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -199,6 +199,7 @@ module ActionController #:nodoc:
         params[request_forgery_protection_token]
       end
 
+      # Checks if the controller allows forgery protection.
       def protect_against_forgery?
         allow_forgery_protection
       end
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 23d70c9ea2..44703221f3 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -230,7 +230,7 @@ module ActionController
     #   params = ActionController::Parameters.new({
     #     person: {
     #       contact: {
-    #         email: 'none@test.com'
+    #         email: 'none@test.com',
     #         phone: '555-1234'
     #       }
     #     }
diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb
index 505f3b4e61..754249cbc8 100644
--- a/actionpack/lib/action_controller/metal/url_for.rb
+++ b/actionpack/lib/action_controller/metal/url_for.rb
@@ -32,7 +32,8 @@ module ActionController
 
       if (same_origin = _routes.equal?(env["action_dispatch.routes"])) ||
          (script_name = env["ROUTES_#{_routes.object_id}_SCRIPT_NAME"]) ||
-         (original_script_name = env['SCRIPT_NAME'])
+         (original_script_name = env['ORIGINAL_SCRIPT_NAME'])
+
         @_url_options.dup.tap do |options|
           if original_script_name
             options[:original_script_name] = original_script_name
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index a35a613158..0cbbbbe1fd 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -455,13 +455,14 @@ module ActionController
       #
       # - +action+: The controller action to call.
       # - +parameters+: The HTTP parameters that you want to pass. This may
-      #   be +nil+, a Hash, or a String that is appropriately encoded
+      #   be +nil+, a hash, or a string that is appropriately encoded
       #   (<tt>application/x-www-form-urlencoded</tt> or <tt>multipart/form-data</tt>).
-      # - +session+: A Hash of parameters to store in the session. This may be +nil+.
-      # - +flash+: A Hash of parameters to store in the flash. This may be +nil+.
+      # - +session+: A hash of parameters to store in the session. This may be +nil+.
+      # - +flash+: A hash of parameters to store in the flash. This may be +nil+.
+      #
+      # You can also simulate POST, PATCH, PUT, DELETE, HEAD, and OPTIONS requests with
+      # +post+, +patch+, +put+, +delete+, +head+, and +options+.
       #
-      # You can also simulate POST, PATCH, PUT, DELETE, and HEAD requests with
-      # +#post+, +#patch+, +#put+, +#delete+, and +#head+.
       # Note that the request method is not verified. The different methods are
       # available to make the tests more expressive.
       def get(action, *args)
@@ -469,41 +470,35 @@ module ActionController
       end
 
       # Simulate a POST request with the given parameters and set/volley the response.
-      # See +#get+ for more details.
+      # See +get+ for more details.
       def post(action, *args)
         process(action, "POST", *args)
       end
 
       # Simulate a PATCH request with the given parameters and set/volley the response.
-      # See +#get+ for more details.
+      # See +get+ for more details.
       def patch(action, *args)
         process(action, "PATCH", *args)
       end
 
       # Simulate a PUT request with the given parameters and set/volley the response.
-      # See +#get+ for more details.
+      # See +get+ for more details.
       def put(action, *args)
         process(action, "PUT", *args)
       end
 
       # Simulate a DELETE request with the given parameters and set/volley the response.
-      # See +#get+ for more details.
+      # See +get+ for more details.
       def delete(action, *args)
         process(action, "DELETE", *args)
       end
 
       # Simulate a HEAD request with the given parameters and set/volley the response.
-      # See +#get+ for more details.
+      # See +get+ for more details.
       def head(action, *args)
         process(action, "HEAD", *args)
       end
 
-      # Simulate a OPTIONS request with the given parameters and set/volley the response.
-      # See +#get+ for more details.
-      def options(action, *args)
-        process(action, "OPTIONS", *args)
-      end
-
       def xml_http_request(request_method, action, parameters = nil, session = nil, flash = nil)
         @request.env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
         @request.env['HTTP_ACCEPT'] ||=  [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ')
@@ -557,7 +552,7 @@ module ActionController
         parameters ||= {}
         controller_class_name = @controller.class.anonymous? ?
           "anonymous" :
-          @controller.class.name.underscore.sub(/_controller$/, '')
+          @controller.class.controller_path
 
         @request.assign_parameters(@routes, controller_class_name, action.to_s, parameters)