Remove deprecated `force_ssl` at the controller level.

03351cd5 · Rafael Mendonça França · 0f9249c9 · 03351cd5 · 03351cd5 · 03351cd5
9 changed file
--- a/actionmailer/lib/action_mailer/parameterized.rb
+++ b/actionmailer/lib/action_mailer/parameterized.rb
@@ -145,7 +145,6 @@ def enqueue_delivery(delivery_method, options = {})
              @mailer_class.name, @action.to_s, delivery_method.to_s, params: @params, args: @args)
          end
        end
-
    end
  end
 end
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
+*   Remove deprecated `force_ssl` at the controller level.
+
+    *Rafael Mendonça França*
+
 *   The +helper+ class method for controllers loads helper modules specified as
    strings/symbols with `String#constantize` instead of `require_dependency`.


--- a/actionpack/lib/action_controller.rb
+++ b/actionpack/lib/action_controller.rb
@@ -32,7 +32,6 @@ module ActionController
    autoload :EtagWithFlash
    autoload :FeaturePolicy
    autoload :Flash
-    autoload :ForceSSL
    autoload :Head
    autoload :Helpers
    autoload :HttpAuthentication

--- a/actionpack/lib/action_controller/api.rb
+++ b/actionpack/lib/action_controller/api.rb
@@ -93,7 +93,7 @@ class API < Metal
    # the ones passed as arguments:
    #
    #   class MyAPIBaseController < ActionController::Metal
-    #     ActionController::API.without_modules(:ForceSSL, :UrlFor).each do |left|
+    #     ActionController::API.without_modules(:UrlFor).each do |left|
    #       include left
    #     end
    #   end
@@ -120,7 +120,6 @@ def self.without_modules(*modules)
      BasicImplicitRender,
      StrongParameters,

-      ForceSSL,
      DataStreaming,
      DefaultHeaders,
      Logging,

--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -227,7 +227,6 @@ def self.without_modules(*modules)
      RequestForgeryProtection,
      ContentSecurityPolicy,
      FeaturePolicy,
-      ForceSSL,
      Streaming,
      DataStreaming,
      HttpAuthentication::Basic::ControllerMethods,

--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
-# frozen_string_literal: true
-
-require "active_support/core_ext/hash/except"
-require "active_support/core_ext/hash/slice"
-
-module ActionController
-  # This module is deprecated in favor of +config.force_ssl+ in your environment
-  # config file. This will ensure all endpoints not explicitly marked otherwise
-  # will have all communication served over HTTPS.
-  module ForceSSL # :nodoc:
-    extend ActiveSupport::Concern
-    include AbstractController::Callbacks
-
-    ACTION_OPTIONS = [:only, :except, :if, :unless]
-    URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
-    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
-
-    module ClassMethods # :nodoc:
-      def force_ssl(options = {})
-        ActiveSupport::Deprecation.warn(<<-MESSAGE.squish)
-          Controller-level `force_ssl` is deprecated and will be removed from
-          Rails 6.1. Please enable `config.force_ssl` in your environment
-          configuration to enable the ActionDispatch::SSL middleware to more
-          fully enforce that your application communicate over HTTPS. If needed,
-          you can use `config.ssl_options` to exempt matching endpoints from
-          being redirected to HTTPS.
-        MESSAGE
-
-        action_options = options.slice(*ACTION_OPTIONS)
-        redirect_options = options.except(*ACTION_OPTIONS)
-        before_action(action_options) do
-          force_ssl_redirect(redirect_options)
-        end
-      end
-    end
-
-    def force_ssl_redirect(host_or_options = nil)
-      unless request.ssl?
-        options = {
-          protocol: "https://",
-          host: request.host,
-          path: request.fullpath,
-          status: :moved_permanently,
-        }
-
-        if host_or_options.is_a?(Hash)
-          options.merge!(host_or_options)
-        elsif host_or_options
-          options[:host] = host_or_options
-        end
-
-        secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
-        flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
-        redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
-      end
-    end
-  end
-end
--- a/actionpack/test/controller/api/force_ssl_test.rb
+++ b/actionpack/test/controller/api/force_ssl_test.rb
-# frozen_string_literal: true
-
-require "abstract_unit"
-
-class ForceSSLApiController < ActionController::API
-  ActiveSupport::Deprecation.silence do
-    force_ssl
-  end
-
-  def one; end
-  def two
-    head :ok
-  end
-end
-
-class ForceSSLApiTest < ActionController::TestCase
-  tests ForceSSLApiController
-
-  def test_redirects_to_https
-    get :two
-    assert_response 301
-    assert_equal "https://test.host/force_ssl_api/two", redirect_to_url
-  end
-end
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
-# frozen_string_literal: true
-
-require "abstract_unit"
-
-class ForceSSLController < ActionController::Base
-  def banana
-    render plain: "monkey"
-  end
-
-  def cheeseburger
-    render plain: "sikachu"
-  end
-end
-
-class ForceSSLControllerLevel < ForceSSLController
-  ActiveSupport::Deprecation.silence do
-    force_ssl
-  end
-end
-
-class ForceSSLCustomOptions < ForceSSLController
-  ActiveSupport::Deprecation.silence do
-    force_ssl host: "secure.example.com", only: :redirect_host
-    force_ssl port: 8443, only: :redirect_port
-    force_ssl subdomain: "secure", only: :redirect_subdomain
-    force_ssl domain: "secure.com", only: :redirect_domain
-    force_ssl path: "/foo", only: :redirect_path
-    force_ssl status: :found, only: :redirect_status
-    force_ssl flash: { message: "Foo, Bar!" }, only: :redirect_flash
-    force_ssl alert: "Foo, Bar!", only: :redirect_alert
-    force_ssl notice: "Foo, Bar!", only: :redirect_notice
-  end
-
-  def force_ssl_action
-    render plain: action_name
-  end
-
-  alias_method :redirect_host, :force_ssl_action
-  alias_method :redirect_port, :force_ssl_action
-  alias_method :redirect_subdomain, :force_ssl_action
-  alias_method :redirect_domain, :force_ssl_action
-  alias_method :redirect_path, :force_ssl_action
-  alias_method :redirect_status, :force_ssl_action
-  alias_method :redirect_flash, :force_ssl_action
-  alias_method :redirect_alert, :force_ssl_action
-  alias_method :redirect_notice, :force_ssl_action
-
-  def use_flash
-    render plain: flash[:message]
-  end
-
-  def use_alert
-    render plain: flash[:alert]
-  end
-
-  def use_notice
-    render plain: flash[:notice]
-  end
-end
-
-class ForceSSLOnlyAction < ForceSSLController
-  ActiveSupport::Deprecation.silence do
-    force_ssl only: :cheeseburger
-  end
-end
-
-class ForceSSLExceptAction < ForceSSLController
-  ActiveSupport::Deprecation.silence do
-    force_ssl except: :banana
-  end
-end
-
-class ForceSSLIfCondition < ForceSSLController
-  ActiveSupport::Deprecation.silence do
-    force_ssl if: :use_force_ssl?
-  end
-
-  def use_force_ssl?
-    action_name == "cheeseburger"
-  end
-end
-
-class ForceSSLFlash < ForceSSLController
-  ActiveSupport::Deprecation.silence do
-    force_ssl except: [:banana, :set_flash, :use_flash]
-  end
-
-  def set_flash
-    flash["that"] = "hello"
-    redirect_to "/force_ssl_flash/cheeseburger"
-  end
-
-  def use_flash
-    @flash_copy = {}.update flash
-    @flashy = flash["that"]
-    render inline: "hello"
-  end
-end
-
-class RedirectToSSL < ForceSSLController
-  def banana
-    force_ssl_redirect || render(plain: "monkey")
-  end
-  def cheeseburger
-    force_ssl_redirect("secure.cheeseburger.host") || render(plain: "ihaz")
-  end
-end
-
-class ForceSSLControllerLevelTest < ActionController::TestCase
-  def test_banana_redirects_to_https
-    get :banana
-    assert_response 301
-    assert_equal "https://test.host/force_ssl_controller_level/banana", redirect_to_url
-  end
-
-  def test_banana_redirects_to_https_with_extra_params
-    get :banana, params: { token: "secret" }
-    assert_response 301
-    assert_equal "https://test.host/force_ssl_controller_level/banana?token=secret", redirect_to_url
-  end
-
-  def test_cheeseburger_redirects_to_https
-    get :cheeseburger
-    assert_response 301
-    assert_equal "https://test.host/force_ssl_controller_level/cheeseburger", redirect_to_url
-  end
-end
-
-class ForceSSLCustomOptionsTest < ActionController::TestCase
-  def setup
-    @request.env["HTTP_HOST"] = "www.example.com:80"
-  end
-
-  def test_redirect_to_custom_host
-    get :redirect_host
-    assert_response 301
-    assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_host", redirect_to_url
-  end
-
-  def test_redirect_to_custom_port
-    get :redirect_port
-    assert_response 301
-    assert_equal "https://www.example.com:8443/force_ssl_custom_options/redirect_port", redirect_to_url
-  end
-
-  def test_redirect_to_custom_subdomain
-    get :redirect_subdomain
-    assert_response 301
-    assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_subdomain", redirect_to_url
-  end
-
-  def test_redirect_to_custom_domain
-    get :redirect_domain
-    assert_response 301
-    assert_equal "https://www.secure.com/force_ssl_custom_options/redirect_domain", redirect_to_url
-  end
-
-  def test_redirect_to_custom_path
-    get :redirect_path
-    assert_response 301
-    assert_equal "https://www.example.com/foo", redirect_to_url
-  end
-
-  def test_redirect_to_custom_status
-    get :redirect_status
-    assert_response 302
-    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_status", redirect_to_url
-  end
-
-  def test_redirect_to_custom_flash
-    get :redirect_flash
-    assert_response 301
-    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_flash", redirect_to_url
-
-    get :use_flash
-    assert_response 200
-    assert_equal "Foo, Bar!", @response.body
-  end
-
-  def test_redirect_to_custom_alert
-    get :redirect_alert
-    assert_response 301
-    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_alert", redirect_to_url
-
-    get :use_alert
-    assert_response 200
-    assert_equal "Foo, Bar!", @response.body
-  end
-
-  def test_redirect_to_custom_notice
-    get :redirect_notice
-    assert_response 301
-    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_notice", redirect_to_url
-
-    get :use_notice
-    assert_response 200
-    assert_equal "Foo, Bar!", @response.body
-  end
-end
-
-class ForceSSLOnlyActionTest < ActionController::TestCase
-  def test_banana_not_redirects_to_https
-    get :banana
-    assert_response 200
-  end
-
-  def test_cheeseburger_redirects_to_https
-    get :cheeseburger
-    assert_response 301
-    assert_equal "https://test.host/force_ssl_only_action/cheeseburger", redirect_to_url
-  end
-end
-
-class ForceSSLExceptActionTest < ActionController::TestCase
-  def test_banana_not_redirects_to_https
-    get :banana
-    assert_response 200
-  end
-
-  def test_cheeseburger_redirects_to_https
-    get :cheeseburger
-    assert_response 301
-    assert_equal "https://test.host/force_ssl_except_action/cheeseburger", redirect_to_url
-  end
-end
-
-class ForceSSLIfConditionTest < ActionController::TestCase
-  def test_banana_not_redirects_to_https
-    get :banana
-    assert_response 200
-  end
-
-  def test_cheeseburger_redirects_to_https
-    get :cheeseburger
-    assert_response 301
-    assert_equal "https://test.host/force_ssl_if_condition/cheeseburger", redirect_to_url
-  end
-end
-
-class ForceSSLFlashTest < ActionController::TestCase
-  def test_cheeseburger_redirects_to_https
-    get :set_flash
-    assert_response 302
-    assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url
-
-    @request.env.delete("PATH_INFO")
-
-    get :cheeseburger
-    assert_response 301
-    assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url
-
-    @request.env.delete("PATH_INFO")
-
-    get :use_flash
-    assert_equal "hello", @controller.instance_variable_get("@flash_copy")["that"]
-    assert_equal "hello", @controller.instance_variable_get("@flashy")
-  end
-end
-
-class ForceSSLDuplicateRoutesTest < ActionController::TestCase
-  tests ForceSSLControllerLevel
-
-  def test_force_ssl_redirects_to_same_path
-    with_routing do |set|
-      set.draw do
-        get "/foo", to: "force_ssl_controller_level#banana"
-        get "/bar", to: "force_ssl_controller_level#banana"
-      end
-
-      @request.env["PATH_INFO"] = "/bar"
-
-      get :banana
-      assert_response 301
-      assert_equal "https://test.host/bar", redirect_to_url
-    end
-  end
-end
-
-class ForceSSLFormatTest < ActionController::TestCase
-  tests ForceSSLControllerLevel
-
-  def test_force_ssl_redirects_to_same_format
-    with_routing do |set|
-      set.draw do
-        get "/foo", to: "force_ssl_controller_level#banana"
-      end
-
-      get :banana, format: :json
-      assert_response 301
-      assert_equal "https://test.host/foo.json", redirect_to_url
-    end
-  end
-end
-
-class ForceSSLOptionalSegmentsTest < ActionController::TestCase
-  tests ForceSSLControllerLevel
-
-  def test_force_ssl_redirects_to_same_format
-    with_routing do |set|
-      set.draw do
-        scope "(:locale)" do
-          defaults locale: "en" do
-            get "/foo", to: "force_ssl_controller_level#banana"
-          end
-        end
-      end
-
-      @request.env["PATH_INFO"] = "/en/foo"
-      get :banana, params: { locale: "en" }
-      assert_equal "en",  @controller.params[:locale]
-      assert_response 301
-      assert_equal "https://test.host/en/foo", redirect_to_url
-    end
-  end
-end
-
-class RedirectToSSLTest < ActionController::TestCase
-  def test_banana_redirects_to_https_if_not_https
-    get :banana
-    assert_response 301
-    assert_equal "https://test.host/redirect_to_ssl/banana", redirect_to_url
-  end
-
-  def test_cheeseburgers_redirects_to_https_with_new_host_if_not_https
-    get :cheeseburger
-    assert_response 301
-    assert_equal "https://secure.cheeseburger.host/redirect_to_ssl/cheeseburger", redirect_to_url
-  end
-
-  def test_cheeseburgers_does_not_redirect_if_already_https
-    request.env["HTTPS"] = "on"
-    get :cheeseburger
-    assert_response 200
-    assert_equal "ihaz", response.body
-  end
-end
-
-class ForceSSLControllerLevelTest < ActionController::TestCase
-  def test_no_redirect_websocket_ssl_request
-    request.env["rack.url_scheme"] = "wss"
-    request.env["Upgrade"] = "websocket"
-    get :cheeseburger
-    assert_response 200
-  end
-end
--- a/guides/source/6_1_release_notes.md
+++ b/guides/source/6_1_release_notes.md
@@ -55,6 +55,8 @@ Please refer to the [Changelog][action-pack] for detailed changes.

 ### Removals

+*   Remove deprecated `force_ssl` at the controller level.
+
 ### Deprecations

 ### Notable changes