Permalink
Browse files

SSL should not be disabled by default in any environment.

  • Loading branch information...
1 parent ed988ee commit ab838900f8a5fac4ad251257a77ae0edf7543942 @pat pat committed with pixeltrix Feb 13, 2012
View
2 actionpack/lib/action_controller/metal/force_ssl.rb
@@ -26,7 +26,7 @@ module ClassMethods
def force_ssl(options = {})
host = options.delete(:host)
before_filter(options) do
- if !request.ssl? && !Rails.env.development?
+ unless request.ssl?
redirect_options = {:protocol => 'https://', :status => :moved_permanently}
redirect_options.merge!(:host => host) if host
redirect_options.merge!(:params => request.query_parameters)
View
14 actionpack/test/controller/force_ssl_test.rb
@@ -109,20 +109,6 @@ def test_cheeseburger_redirects_to_https
end
end
-class ForceSSLExcludeDevelopmentTest < ActionController::TestCase
- tests ForceSSLControllerLevel
-
- def setup
- Rails.env.stubs(:development?).returns(false)
- end
-
- def test_development_environment_not_redirects_to_https
- Rails.env.stubs(:development?).returns(true)
- get :banana
- assert_response 200
- end
-end
-
class ForceSSLFlashTest < ActionController::TestCase
tests ForceSSLFlash

0 comments on commit ab83890

Please sign in to comment.