Skip to content

Loading…

Keep flash when redirecting via force_ssl #1923

Closed
shir opened this Issue · 6 comments

5 participants

@shir

Need to keep flash messages when do redirecting via force_ssl method. Here is a patch:

diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index ed693c5..b255115 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -26,10 +26,11 @@ module ActionController
       def force_ssl(options = {})
         before_filter(options) do
           if !request.ssl? && !Rails.env.development?
+            flash.keep
             redirect_to :protocol => 'https://', :status => :moved_permanently
           end
         end
       end
     end
   end
-end
\ No newline at end of file
+end
@andreychernih

+1 on this issue

@pixeltrix
Ruby on Rails member

How does this work if your session cookie is HTTPS only? Won't a new session get created and the flash will be lost.

One other thing - no tests! :-)

@spastorino
Ruby on Rails member

any update on this? can you provide at least an app to show what are you trying to do?.
A test case with a properly formatted patch would be better.
Thanks.

@shir

We are trying to use ssl only for authentication. So, for example:

  1. User goes to action which requires authentication.
  2. He redirects to login form with flash message "Please login first"
  3. But login action has filter force_ssl and redirects user to https.
  4. Now flash messages is blank and user doesn't see it on login form.
@spastorino
Ruby on Rails member

@shir @AndreyChernyh a test case or an application that shows the issue would be great.

@josevalim
Ruby on Rails member

Fixed by #4429.

@josevalim josevalim closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.