ActionController::ForceSSL accepts options for redirect_to #7570

Closed
wants to merge 2 commits into
from
Jump to file or symbol
Failed to load files and symbols.
+39 −5
Split
@@ -37,10 +37,12 @@ module ClassMethods
# will be called only when it returns a true value.
# * <tt>unless</tt> - A symbol naming an instance method or a proc; the callback
# will be called only when it returns a false value.
+ # * <tt>status</tt> - The http status to be used for redirect, 302-307
def force_ssl(options = {})
host = options.delete(:host)
before_filter(options) do
- force_ssl_redirect(host)
+ ssl_options = options.select { |k, v| ![:only, :except, :if, :unless].include?(k) }
+ force_ssl_redirect(host, ssl_options)
end
end
end
@@ -49,10 +51,12 @@ def force_ssl(options = {})
#
# ==== Parameters
# * <tt>host</tt> - Redirect to a different host name
- def force_ssl_redirect(host = nil)
+ def force_ssl_redirect(host = nil, redirect_options={})
unless request.ssl?
- redirect_options = {:protocol => 'https://', :status => :moved_permanently}
- redirect_options.merge!(:host => host) if host
+ redirect_options.delete(:protocol)
+ redirect_options.delete(:params)
+ redirect_options = {:protocol => 'https://', :status => :moved_permanently}.merge!(redirect_options)
+ redirect_options.merge!(:host => host) if host && host != :existing
redirect_options.merge!(:params => request.query_parameters)
flash.keep if respond_to?(:flash)
redirect_to redirect_options
@@ -34,6 +34,10 @@ def use_force_ssl?
end
end
+class ForceSSLWithTemporaryRedirect < ForceSSLController
+ force_ssl :status => :temporary_redirect
+end
+
class ForceSSLFlash < ForceSSLController
force_ssl :except => [:banana, :set_flash, :use_flash]
@@ -56,6 +60,12 @@ def banana
def cheeseburger
force_ssl_redirect('secure.cheeseburger.host') || render(:text => 'ihaz')
end
+ def orange
+ force_ssl_redirect(:existing, status: :temporary_redirect) || render(:text => 'monkey')
+ end
+ def bad_orange
+ force_ssl_redirect(:existing, params: {whoops: "true"}, protocol: "ftp://") || render(:text => 'monkey')
+ end
end
class ForceSSLControllerLevelTest < ActionController::TestCase
@@ -141,6 +151,15 @@ def test_cheeseburger_redirects_to_https
end
end
+class ForceSSLWithTemporaryRedirectTest < ActionController::TestCase
+ tests ForceSSLWithTemporaryRedirect
+
+ def test_banana_redirects_with_http_status_307
+ get :banana
+ assert_response 307
+ end
+end
+
class ForceSSLFlashTest < ActionController::TestCase
tests ForceSSLFlash
@@ -179,4 +198,15 @@ def test_banana_does_not_redirect_if_already_https
assert_response 200
assert_equal 'ihaz', response.body
end
-end
+
+ def test_orange_redirects_with_http_status_307
+ get :orange
+ assert_response 307
+ assert_equal "https://test.host/redirect_to_ssl/orange", redirect_to_url
+ end
+
+ def test_bad_orange_ignores_protocol_and_params
+ get :bad_orange
+ assert_equal "https://test.host/redirect_to_ssl/bad_orange", redirect_to_url
+ end
+end