SSL redirects to the wrong route #10305

Closed
rickyc opened this Issue Apr 22, 2013 · 3 comments

Projects

None yet

3 participants

@rickyc
rickyc commented Apr 22, 2013

I've made a sample application to demonstrate this bug.

Going to http://rails-ssl-bug.herokuapp.com/foo/1 redirects to https://rails-ssl-bug.herokuapp.com/foo/preview/1


It seems that Rails redirects to the first route with matching params, controller + action name.

  match ':foo/preview/:id'                    => 'application#test',  via: [:get], as: :preview
  match ':foo/:id'                            => 'application#test',  via: [:get], as: :test
@steveklabnik
Member

Can you link to the code? having it on Heroku is awesome, too, but having access to the code means we can confirm any fix.

@rickyc
rickyc commented Apr 23, 2013

Here's the commit showing the changes I made to a brand new rails app.

rickyc/rails-ssl-bug@e63c2a0

@pixeltrix
Member

What's happening is that the force_ssl redirects based upon a hash passed to url_for and both routes will match the same params so the first one wins. This isn't easy to fix without Journey remembering the recognised route name and using it when it generates the url. The other option is to manipulate the url string directly rather than trying to regenerate the url.

@pixeltrix pixeltrix was assigned Apr 25, 2013
@pixeltrix pixeltrix added a commit that closed this issue Apr 25, 2013
@pixeltrix pixeltrix Use `request.fullpath` to build redirect url in `force_ssl`
The `force_ssl` command now builds the redirect url from `request.fullpath`.
This ensures that the format is maintained and it doesn't redirect to a route
that has the same parameters but is defined earlier in `routes.rb`. Also any
optional segments are maintained.

Fixes #7528.
Fixes #9061.
Fixes #10305.
8227bf7
@pixeltrix pixeltrix closed this in 8227bf7 Apr 25, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment