Keep flash when redirecting via force_ssl #1923

Closed
shir opened this Issue Jul 1, 2011 · 6 comments

Comments

Projects
None yet
5 participants
@shir

shir commented Jul 1, 2011

Need to keep flash messages when do redirecting via force_ssl method. Here is a patch:

diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index ed693c5..b255115 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -26,10 +26,11 @@ module ActionController
       def force_ssl(options = {})
         before_filter(options) do
           if !request.ssl? && !Rails.env.development?
+            flash.keep
             redirect_to :protocol => 'https://', :status => :moved_permanently
           end
         end
       end
     end
   end
-end
\ No newline at end of file
+end
@andreychernih

This comment has been minimized.

Show comment
Hide comment
@andreychernih

andreychernih Jul 1, 2011

Contributor

+1 on this issue

Contributor

andreychernih commented Jul 1, 2011

+1 on this issue

@pixeltrix

This comment has been minimized.

Show comment
Hide comment
@pixeltrix

pixeltrix Jul 1, 2011

Member

How does this work if your session cookie is HTTPS only? Won't a new session get created and the flash will be lost.

One other thing - no tests! :-)

Member

pixeltrix commented Jul 1, 2011

How does this work if your session cookie is HTTPS only? Won't a new session get created and the flash will be lost.

One other thing - no tests! :-)

@spastorino

This comment has been minimized.

Show comment
Hide comment
@spastorino

spastorino Jul 10, 2011

Member

any update on this? can you provide at least an app to show what are you trying to do?.
A test case with a properly formatted patch would be better.
Thanks.

Member

spastorino commented Jul 10, 2011

any update on this? can you provide at least an app to show what are you trying to do?.
A test case with a properly formatted patch would be better.
Thanks.

@shir

This comment has been minimized.

Show comment
Hide comment
@shir

shir Jul 14, 2011

We are trying to use ssl only for authentication. So, for example:

  1. User goes to action which requires authentication.
  2. He redirects to login form with flash message "Please login first"
  3. But login action has filter force_ssl and redirects user to https.
  4. Now flash messages is blank and user doesn't see it on login form.

shir commented Jul 14, 2011

We are trying to use ssl only for authentication. So, for example:

  1. User goes to action which requires authentication.
  2. He redirects to login form with flash message "Please login first"
  3. But login action has filter force_ssl and redirects user to https.
  4. Now flash messages is blank and user doesn't see it on login form.
@spastorino

This comment has been minimized.

Show comment
Hide comment
@spastorino

spastorino Jul 14, 2011

Member

@shir @andreychernyh a test case or an application that shows the issue would be great.

Member

spastorino commented Jul 14, 2011

@shir @andreychernyh a test case or an application that shows the issue would be great.

@josevalim

This comment has been minimized.

Show comment
Hide comment
@josevalim

josevalim Jan 12, 2012

Contributor

Fixed by #4429.

Contributor

josevalim commented Jan 12, 2012

Fixed by #4429.

@josevalim josevalim closed this Jan 12, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment