Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

SSL redirects to the wrong route #10305

Closed
rickyc opened this Issue · 3 comments

3 participants

@rickyc

I've made a sample application to demonstrate this bug.

Going to http://rails-ssl-bug.herokuapp.com/foo/1 redirects to https://rails-ssl-bug.herokuapp.com/foo/preview/1


It seems that Rails redirects to the first route with matching params, controller + action name.

  match ':foo/preview/:id'                    => 'application#test',  via: [:get], as: :preview
  match ':foo/:id'                            => 'application#test',  via: [:get], as: :test
@steveklabnik
Collaborator

Can you link to the code? having it on Heroku is awesome, too, but having access to the code means we can confirm any fix.

@rickyc

Here's the commit showing the changes I made to a brand new rails app.

rickyc/rails-ssl-bug@e63c2a0

@pixeltrix
Owner

What's happening is that the force_ssl redirects based upon a hash passed to url_for and both routes will match the same params so the first one wins. This isn't easy to fix without Journey remembering the recognised route name and using it when it generates the url. The other option is to manipulate the url string directly rather than trying to regenerate the url.

@pixeltrix pixeltrix was assigned
@pixeltrix pixeltrix closed this issue from a commit
@pixeltrix pixeltrix Use `request.fullpath` to build redirect url in `force_ssl`
The `force_ssl` command now builds the redirect url from `request.fullpath`.
This ensures that the format is maintained and it doesn't redirect to a route
that has the same parameters but is defined earlier in `routes.rb`. Also any
optional segments are maintained.

Fixes #7528.
Fixes #9061.
Fixes #10305.
8227bf7
@pixeltrix pixeltrix closed this in 8227bf7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.