Fix improperly configured host in generated urls #9794

Merged
merged 1 commit into from Mar 20, 2013

Projects

None yet

2 participants

@schneems
Member

If the host in default_url_options is accidentally set with a protocol such as

host: "http://example.com"

then the generated url will have the protocol twice http://http://example.com which is not what the user intended. Likely they wanted to define a host host: "example.com" and a protocol: "http://" but did not know the convention.

This may not the most common problem, but when it happens it can go undetected for a while. I accidentally added http:// out of habit recently only to find all the links in my emails were broken after deploying a demo site to production. Rather than allow this accident go undetected, we can fix the problem in line by properly setting the protocol and host.

I was able to find this related question on stack overflow: http://stackoverflow.com/questions/5878329/rails-3-devise-how-do-i-make-the-email-confirmation-links-use-secure-https-n where the answer was highly upvoted.

This is based off of work in #7415 cc/ @pixeltrix

ATP Action Mailer and Action Pack

@pixeltrix
Member

@schneems can you rebase and I'll merge it - thanks!

@pixeltrix pixeltrix was assigned Mar 19, 2013
@schneems schneems Fix improperly configured host in generated urls
If the host in `default_url_options` is accidentally set with a protocol such as 

```
host: "http://example.com"
``` 

then the generated url will have the protocol twice `http://http://example.com` which is not what the user intended. Likely they wanted to define a host `host: "example.com"` and a `protocol: "http://"` but did not know the convention.

This may not the most common problem, but when it happens it can go undetected for a while. I accidentally added `http://` out of habit recently only to find all the links in my emails were broken after deploying a demo site to production. Rather than allow this accident go undetected, we can fix the problem in line by properly setting the protocol and host.


I was able to find this related question on stack overflow: http://stackoverflow.com/questions/5878329/rails-3-devise-how-do-i-make-the-email-confirmation-links-use-secure-https-n where the answer was highly upvoted.

This is based off of work in #7415 cc/ @pixeltrix

ATP Action Mailer and Action Pack
334549b
@schneems
Member

Rebased

@pixeltrix pixeltrix merged commit 730f725 into rails:master Mar 20, 2013
@pixeltrix
Member

@schneems it's probably okay to backport this one - can you do a PR against 3-2-stable? Thanks!

@schneems schneems added a commit to schneems/rails that referenced this pull request Mar 20, 2013
@schneems schneems Fix improperly configured host in generated urls
If the host in `default_url_options` is accidentally set with a protocol such as 

```
host: "http://example.com"
``` 

then the generated url will have the protocol twice `http://http://example.com` which is not what the user intended. Likely they wanted to define a host `host: "example.com"` and a `protocol: "http://"` but did not know the convention.

This may not the most common problem, but when it happens it can go undetected for a while. I accidentally added `http://` out of habit recently only to find all the links in my emails were broken after deploying a demo site to production. Rather than allow this accident go undetected, we can fix the problem in line by properly setting the protocol and host.


I was able to find this related question on stack overflow: http://stackoverflow.com/questions/5878329/rails-3-devise-how-do-i-make-the-email-confirmation-links-use-secure-https-n where the answer was highly upvoted.

This is based off of work in #7415 cc/ @pixeltrix

back port of #9794

ATP Action Mailer and Action Pack
3f11317
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment