Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
张重言
rails
提交
03351cd5
R
rails
项目概览
张重言
/
rails
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
rails
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
03351cd5
编写于
5月 05, 2020
作者:
R
Rafael Mendonça França
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Remove deprecated `force_ssl` at the controller level.
上级
0f9249c9
变更
9
隐藏空白更改
内联
并排
Showing
9 changed file
with
7 addition
and
432 deletion
+7
-432
actionmailer/lib/action_mailer/parameterized.rb
actionmailer/lib/action_mailer/parameterized.rb
+0
-1
actionpack/CHANGELOG.md
actionpack/CHANGELOG.md
+4
-0
actionpack/lib/action_controller.rb
actionpack/lib/action_controller.rb
+0
-1
actionpack/lib/action_controller/api.rb
actionpack/lib/action_controller/api.rb
+1
-2
actionpack/lib/action_controller/base.rb
actionpack/lib/action_controller/base.rb
+0
-1
actionpack/lib/action_controller/metal/force_ssl.rb
actionpack/lib/action_controller/metal/force_ssl.rb
+0
-58
actionpack/test/controller/api/force_ssl_test.rb
actionpack/test/controller/api/force_ssl_test.rb
+0
-24
actionpack/test/controller/force_ssl_test.rb
actionpack/test/controller/force_ssl_test.rb
+0
-345
guides/source/6_1_release_notes.md
guides/source/6_1_release_notes.md
+2
-0
未找到文件。
actionmailer/lib/action_mailer/parameterized.rb
浏览文件 @
03351cd5
...
...
@@ -145,7 +145,6 @@ def enqueue_delivery(delivery_method, options = {})
@mailer_class
.
name
,
@action
.
to_s
,
delivery_method
.
to_s
,
params:
@params
,
args:
@args
)
end
end
end
end
end
actionpack/CHANGELOG.md
浏览文件 @
03351cd5
*
Remove deprecated
`force_ssl`
at the controller level.
*Rafael Mendonça França*
*
The +helper+ class method for controllers loads helper modules specified as
strings/symbols with
`String#constantize`
instead of
`require_dependency`
.
...
...
actionpack/lib/action_controller.rb
浏览文件 @
03351cd5
...
...
@@ -32,7 +32,6 @@ module ActionController
autoload
:EtagWithFlash
autoload
:FeaturePolicy
autoload
:Flash
autoload
:ForceSSL
autoload
:Head
autoload
:Helpers
autoload
:HttpAuthentication
...
...
actionpack/lib/action_controller/api.rb
浏览文件 @
03351cd5
...
...
@@ -93,7 +93,7 @@ class API < Metal
# the ones passed as arguments:
#
# class MyAPIBaseController < ActionController::Metal
# ActionController::API.without_modules(:
ForceSSL, :
UrlFor).each do |left|
# ActionController::API.without_modules(:UrlFor).each do |left|
# include left
# end
# end
...
...
@@ -120,7 +120,6 @@ def self.without_modules(*modules)
BasicImplicitRender
,
StrongParameters
,
ForceSSL
,
DataStreaming
,
DefaultHeaders
,
Logging
,
...
...
actionpack/lib/action_controller/base.rb
浏览文件 @
03351cd5
...
...
@@ -227,7 +227,6 @@ def self.without_modules(*modules)
RequestForgeryProtection
,
ContentSecurityPolicy
,
FeaturePolicy
,
ForceSSL
,
Streaming
,
DataStreaming
,
HttpAuthentication
::
Basic
::
ControllerMethods
,
...
...
actionpack/lib/action_controller/metal/force_ssl.rb
已删除
100644 → 0
浏览文件 @
0f9249c9
# frozen_string_literal: true
require
"active_support/core_ext/hash/except"
require
"active_support/core_ext/hash/slice"
module
ActionController
# This module is deprecated in favor of +config.force_ssl+ in your environment
# config file. This will ensure all endpoints not explicitly marked otherwise
# will have all communication served over HTTPS.
module
ForceSSL
# :nodoc:
extend
ActiveSupport
::
Concern
include
AbstractController
::
Callbacks
ACTION_OPTIONS
=
[
:only
,
:except
,
:if
,
:unless
]
URL_OPTIONS
=
[
:protocol
,
:host
,
:domain
,
:subdomain
,
:port
,
:path
]
REDIRECT_OPTIONS
=
[
:status
,
:flash
,
:alert
,
:notice
]
module
ClassMethods
# :nodoc:
def
force_ssl
(
options
=
{})
ActiveSupport
::
Deprecation
.
warn
(
<<-
MESSAGE
.
squish
)
Controller-level `force_ssl` is deprecated and will be removed from
Rails 6.1. Please enable `config.force_ssl` in your environment
configuration to enable the ActionDispatch::SSL middleware to more
fully enforce that your application communicate over HTTPS. If needed,
you can use `config.ssl_options` to exempt matching endpoints from
being redirected to HTTPS.
MESSAGE
action_options
=
options
.
slice
(
*
ACTION_OPTIONS
)
redirect_options
=
options
.
except
(
*
ACTION_OPTIONS
)
before_action
(
action_options
)
do
force_ssl_redirect
(
redirect_options
)
end
end
end
def
force_ssl_redirect
(
host_or_options
=
nil
)
unless
request
.
ssl?
options
=
{
protocol:
"https://"
,
host:
request
.
host
,
path:
request
.
fullpath
,
status: :moved_permanently
,
}
if
host_or_options
.
is_a?
(
Hash
)
options
.
merge!
(
host_or_options
)
elsif
host_or_options
options
[
:host
]
=
host_or_options
end
secure_url
=
ActionDispatch
::
Http
::
URL
.
url_for
(
options
.
slice
(
*
URL_OPTIONS
))
flash
.
keep
if
respond_to?
(
:flash
)
&&
request
.
respond_to?
(
:flash
)
redirect_to
secure_url
,
options
.
slice
(
*
REDIRECT_OPTIONS
)
end
end
end
end
actionpack/test/controller/api/force_ssl_test.rb
已删除
100644 → 0
浏览文件 @
0f9249c9
# frozen_string_literal: true
require
"abstract_unit"
class
ForceSSLApiController
<
ActionController
::
API
ActiveSupport
::
Deprecation
.
silence
do
force_ssl
end
def
one
;
end
def
two
head
:ok
end
end
class
ForceSSLApiTest
<
ActionController
::
TestCase
tests
ForceSSLApiController
def
test_redirects_to_https
get
:two
assert_response
301
assert_equal
"https://test.host/force_ssl_api/two"
,
redirect_to_url
end
end
actionpack/test/controller/force_ssl_test.rb
已删除
100644 → 0
浏览文件 @
0f9249c9
# frozen_string_literal: true
require
"abstract_unit"
class
ForceSSLController
<
ActionController
::
Base
def
banana
render
plain:
"monkey"
end
def
cheeseburger
render
plain:
"sikachu"
end
end
class
ForceSSLControllerLevel
<
ForceSSLController
ActiveSupport
::
Deprecation
.
silence
do
force_ssl
end
end
class
ForceSSLCustomOptions
<
ForceSSLController
ActiveSupport
::
Deprecation
.
silence
do
force_ssl
host:
"secure.example.com"
,
only: :redirect_host
force_ssl
port:
8443
,
only: :redirect_port
force_ssl
subdomain:
"secure"
,
only: :redirect_subdomain
force_ssl
domain:
"secure.com"
,
only: :redirect_domain
force_ssl
path:
"/foo"
,
only: :redirect_path
force_ssl
status: :found
,
only: :redirect_status
force_ssl
flash:
{
message:
"Foo, Bar!"
},
only: :redirect_flash
force_ssl
alert:
"Foo, Bar!"
,
only: :redirect_alert
force_ssl
notice:
"Foo, Bar!"
,
only: :redirect_notice
end
def
force_ssl_action
render
plain:
action_name
end
alias_method
:redirect_host
,
:force_ssl_action
alias_method
:redirect_port
,
:force_ssl_action
alias_method
:redirect_subdomain
,
:force_ssl_action
alias_method
:redirect_domain
,
:force_ssl_action
alias_method
:redirect_path
,
:force_ssl_action
alias_method
:redirect_status
,
:force_ssl_action
alias_method
:redirect_flash
,
:force_ssl_action
alias_method
:redirect_alert
,
:force_ssl_action
alias_method
:redirect_notice
,
:force_ssl_action
def
use_flash
render
plain:
flash
[
:message
]
end
def
use_alert
render
plain:
flash
[
:alert
]
end
def
use_notice
render
plain:
flash
[
:notice
]
end
end
class
ForceSSLOnlyAction
<
ForceSSLController
ActiveSupport
::
Deprecation
.
silence
do
force_ssl
only: :cheeseburger
end
end
class
ForceSSLExceptAction
<
ForceSSLController
ActiveSupport
::
Deprecation
.
silence
do
force_ssl
except: :banana
end
end
class
ForceSSLIfCondition
<
ForceSSLController
ActiveSupport
::
Deprecation
.
silence
do
force_ssl
if: :use_force_ssl?
end
def
use_force_ssl?
action_name
==
"cheeseburger"
end
end
class
ForceSSLFlash
<
ForceSSLController
ActiveSupport
::
Deprecation
.
silence
do
force_ssl
except:
[
:banana
,
:set_flash
,
:use_flash
]
end
def
set_flash
flash
[
"that"
]
=
"hello"
redirect_to
"/force_ssl_flash/cheeseburger"
end
def
use_flash
@flash_copy
=
{}.
update
flash
@flashy
=
flash
[
"that"
]
render
inline:
"hello"
end
end
class
RedirectToSSL
<
ForceSSLController
def
banana
force_ssl_redirect
||
render
(
plain:
"monkey"
)
end
def
cheeseburger
force_ssl_redirect
(
"secure.cheeseburger.host"
)
||
render
(
plain:
"ihaz"
)
end
end
class
ForceSSLControllerLevelTest
<
ActionController
::
TestCase
def
test_banana_redirects_to_https
get
:banana
assert_response
301
assert_equal
"https://test.host/force_ssl_controller_level/banana"
,
redirect_to_url
end
def
test_banana_redirects_to_https_with_extra_params
get
:banana
,
params:
{
token:
"secret"
}
assert_response
301
assert_equal
"https://test.host/force_ssl_controller_level/banana?token=secret"
,
redirect_to_url
end
def
test_cheeseburger_redirects_to_https
get
:cheeseburger
assert_response
301
assert_equal
"https://test.host/force_ssl_controller_level/cheeseburger"
,
redirect_to_url
end
end
class
ForceSSLCustomOptionsTest
<
ActionController
::
TestCase
def
setup
@request
.
env
[
"HTTP_HOST"
]
=
"www.example.com:80"
end
def
test_redirect_to_custom_host
get
:redirect_host
assert_response
301
assert_equal
"https://secure.example.com/force_ssl_custom_options/redirect_host"
,
redirect_to_url
end
def
test_redirect_to_custom_port
get
:redirect_port
assert_response
301
assert_equal
"https://www.example.com:8443/force_ssl_custom_options/redirect_port"
,
redirect_to_url
end
def
test_redirect_to_custom_subdomain
get
:redirect_subdomain
assert_response
301
assert_equal
"https://secure.example.com/force_ssl_custom_options/redirect_subdomain"
,
redirect_to_url
end
def
test_redirect_to_custom_domain
get
:redirect_domain
assert_response
301
assert_equal
"https://www.secure.com/force_ssl_custom_options/redirect_domain"
,
redirect_to_url
end
def
test_redirect_to_custom_path
get
:redirect_path
assert_response
301
assert_equal
"https://www.example.com/foo"
,
redirect_to_url
end
def
test_redirect_to_custom_status
get
:redirect_status
assert_response
302
assert_equal
"https://www.example.com/force_ssl_custom_options/redirect_status"
,
redirect_to_url
end
def
test_redirect_to_custom_flash
get
:redirect_flash
assert_response
301
assert_equal
"https://www.example.com/force_ssl_custom_options/redirect_flash"
,
redirect_to_url
get
:use_flash
assert_response
200
assert_equal
"Foo, Bar!"
,
@response
.
body
end
def
test_redirect_to_custom_alert
get
:redirect_alert
assert_response
301
assert_equal
"https://www.example.com/force_ssl_custom_options/redirect_alert"
,
redirect_to_url
get
:use_alert
assert_response
200
assert_equal
"Foo, Bar!"
,
@response
.
body
end
def
test_redirect_to_custom_notice
get
:redirect_notice
assert_response
301
assert_equal
"https://www.example.com/force_ssl_custom_options/redirect_notice"
,
redirect_to_url
get
:use_notice
assert_response
200
assert_equal
"Foo, Bar!"
,
@response
.
body
end
end
class
ForceSSLOnlyActionTest
<
ActionController
::
TestCase
def
test_banana_not_redirects_to_https
get
:banana
assert_response
200
end
def
test_cheeseburger_redirects_to_https
get
:cheeseburger
assert_response
301
assert_equal
"https://test.host/force_ssl_only_action/cheeseburger"
,
redirect_to_url
end
end
class
ForceSSLExceptActionTest
<
ActionController
::
TestCase
def
test_banana_not_redirects_to_https
get
:banana
assert_response
200
end
def
test_cheeseburger_redirects_to_https
get
:cheeseburger
assert_response
301
assert_equal
"https://test.host/force_ssl_except_action/cheeseburger"
,
redirect_to_url
end
end
class
ForceSSLIfConditionTest
<
ActionController
::
TestCase
def
test_banana_not_redirects_to_https
get
:banana
assert_response
200
end
def
test_cheeseburger_redirects_to_https
get
:cheeseburger
assert_response
301
assert_equal
"https://test.host/force_ssl_if_condition/cheeseburger"
,
redirect_to_url
end
end
class
ForceSSLFlashTest
<
ActionController
::
TestCase
def
test_cheeseburger_redirects_to_https
get
:set_flash
assert_response
302
assert_equal
"http://test.host/force_ssl_flash/cheeseburger"
,
redirect_to_url
@request
.
env
.
delete
(
"PATH_INFO"
)
get
:cheeseburger
assert_response
301
assert_equal
"https://test.host/force_ssl_flash/cheeseburger"
,
redirect_to_url
@request
.
env
.
delete
(
"PATH_INFO"
)
get
:use_flash
assert_equal
"hello"
,
@controller
.
instance_variable_get
(
"@flash_copy"
)[
"that"
]
assert_equal
"hello"
,
@controller
.
instance_variable_get
(
"@flashy"
)
end
end
class
ForceSSLDuplicateRoutesTest
<
ActionController
::
TestCase
tests
ForceSSLControllerLevel
def
test_force_ssl_redirects_to_same_path
with_routing
do
|
set
|
set
.
draw
do
get
"/foo"
,
to:
"force_ssl_controller_level#banana"
get
"/bar"
,
to:
"force_ssl_controller_level#banana"
end
@request
.
env
[
"PATH_INFO"
]
=
"/bar"
get
:banana
assert_response
301
assert_equal
"https://test.host/bar"
,
redirect_to_url
end
end
end
class
ForceSSLFormatTest
<
ActionController
::
TestCase
tests
ForceSSLControllerLevel
def
test_force_ssl_redirects_to_same_format
with_routing
do
|
set
|
set
.
draw
do
get
"/foo"
,
to:
"force_ssl_controller_level#banana"
end
get
:banana
,
format: :json
assert_response
301
assert_equal
"https://test.host/foo.json"
,
redirect_to_url
end
end
end
class
ForceSSLOptionalSegmentsTest
<
ActionController
::
TestCase
tests
ForceSSLControllerLevel
def
test_force_ssl_redirects_to_same_format
with_routing
do
|
set
|
set
.
draw
do
scope
"(:locale)"
do
defaults
locale:
"en"
do
get
"/foo"
,
to:
"force_ssl_controller_level#banana"
end
end
end
@request
.
env
[
"PATH_INFO"
]
=
"/en/foo"
get
:banana
,
params:
{
locale:
"en"
}
assert_equal
"en"
,
@controller
.
params
[
:locale
]
assert_response
301
assert_equal
"https://test.host/en/foo"
,
redirect_to_url
end
end
end
class
RedirectToSSLTest
<
ActionController
::
TestCase
def
test_banana_redirects_to_https_if_not_https
get
:banana
assert_response
301
assert_equal
"https://test.host/redirect_to_ssl/banana"
,
redirect_to_url
end
def
test_cheeseburgers_redirects_to_https_with_new_host_if_not_https
get
:cheeseburger
assert_response
301
assert_equal
"https://secure.cheeseburger.host/redirect_to_ssl/cheeseburger"
,
redirect_to_url
end
def
test_cheeseburgers_does_not_redirect_if_already_https
request
.
env
[
"HTTPS"
]
=
"on"
get
:cheeseburger
assert_response
200
assert_equal
"ihaz"
,
response
.
body
end
end
class
ForceSSLControllerLevelTest
<
ActionController
::
TestCase
def
test_no_redirect_websocket_ssl_request
request
.
env
[
"rack.url_scheme"
]
=
"wss"
request
.
env
[
"Upgrade"
]
=
"websocket"
get
:cheeseburger
assert_response
200
end
end
guides/source/6_1_release_notes.md
浏览文件 @
03351cd5
...
...
@@ -55,6 +55,8 @@ Please refer to the [Changelog][action-pack] for detailed changes.
### Removals
*
Remove deprecated
`force_ssl`
at the controller level.
### Deprecations
### Notable changes
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录