Skip to content
Browse files

When force redirecting to SSL, make sure that the session is kept. As…

… we're moving from a non-secure to secure environment, it's safe
  • Loading branch information...
1 parent e927f06 commit 321dae5dccded1eff6587582c8f0e0b88ca8303c Marcin Bunsch and Przemek Dąbek committed with Marcin Bunsch Jan 12, 2012
View
1 actionpack/lib/action_controller/metal/force_ssl.rb
@@ -29,6 +29,7 @@ def force_ssl(options = {})
if !request.ssl? && !Rails.env.development?
redirect_options = {:protocol => 'https://', :status => :moved_permanently}
redirect_options.merge!(:host => host) if host
+ flash.keep
redirect_to redirect_options
end
end
View
38 actionpack/test/controller/force_ssl_test.rb
@@ -26,6 +26,23 @@ class ForceSSLExceptAction < ForceSSLController
force_ssl :except => :banana
end
+class ForceSSLFlash < ForceSSLController
+ force_ssl :except => [:banana, :set_flash, :use_flash]
+
+ def set_flash
+ flash["that"] = "hello"
+ redirect_to '/force_ssl_flash/cheeseburger'
+ end
+
+ def use_flash
+ @flash_copy = {}.update flash
+ @flashy = flash["that"]
+ render :inline => "hello"
+ end
+
+end
+
+
class ForceSSLControllerLevelTest < ActionController::TestCase
tests ForceSSLControllerLevel
@@ -50,7 +67,7 @@ def test_banana_redirects_to_https_with_custom_host
assert_response 301
assert_equal "https://secure.test.host/force_ssl_custom_domain/banana", redirect_to_url
end
-
+
def test_cheeseburger_redirects_to_https_with_custom_host
get :cheeseburger
assert_response 301
@@ -101,3 +118,22 @@ def test_development_environment_not_redirects_to_https
assert_response 200
end
end
+
+class ForceSSLFlashTest < ActionController::TestCase
+ tests ForceSSLFlash
+
+ def test_cheeseburger_redirects_to_https
+ get :set_flash
+ assert_response 302
+ assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+ get :cheeseburger
+ assert_response 301
+ assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+ get :use_flash
+ assert_equal "hello", assigns["flash_copy"]["that"]
+ assert_equal "hello", assigns["flashy"]
+ end
+
+end

0 comments on commit 321dae5

Please sign in to comment.
Something went wrong with that request. Please try again.