3 files changed, 31 insertions, 3 deletions

diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index d920668184..5a8c7db162 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -89,7 +89,7 @@ module ActionController
         end
 
         secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
-        flash.keep if respond_to?(:flash)
+        flash.keep if request.respond_to?(:flash)
         redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
       end
     end
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index 33c24999f9..6ffd7a7d2b 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -659,7 +659,9 @@ module ActionController
         @request.assign_parameters(@routes, controller_class_name, action.to_s, parameters)
 
         @request.session.update(session) if session
-        @request.flash.update(flash || {})
+
+        is_request_flash_enabled = @request.respond_to?(:flash)
+        @request.flash.update(flash || {}) if is_request_flash_enabled
 
         if xhr
           @request.env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
@@ -685,7 +687,8 @@ module ActionController
 
         @assigns = @controller.respond_to?(:view_assigns) ? @controller.view_assigns : {}
 
-        if flash_value = @request.flash.to_session_value
+        flash_value = is_request_flash_enabled ? @request.flash.to_session_value : nil
+        if flash_value
           @request.session['flash'] = flash_value
         else
           @request.session.delete('flash')
diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb
index 04222745d9..a1bb1cee58 100644
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -321,4 +321,29 @@ class RedirectToSSLTest < ActionController::TestCase
     assert_response 200
     assert_equal 'ihaz', response.body
   end
+
+  def test_banana_redirects_to_https_if_not_https_and_flash_middleware_is_disabled
+    disable_flash
+    get :banana
+    assert_response 301
+    assert_equal 'https://test.host/redirect_to_ssl/banana', redirect_to_url
+  ensure
+    enable_flash
+  end
+
+  private
+
+  def disable_flash
+    ActionDispatch::TestRequest.class_eval do
+      alias_method :flash_origin, :flash
+      undef_method :flash
+    end
+  end
+
+  def enable_flash
+    ActionDispatch::TestRequest.class_eval do
+      alias_method :flash, :flash_origin
+      undef_method :flash_origin
+    end
+  end
 end