When force redirecting to SSL, make sure that the session is kept. As we're...

When force redirecting to SSL, make sure that the session is kept. As we're moving from a non-secure to secure environment, it's safe

When force redirecting to SSL, make sure that the session is kept. As we're...
When force redirecting to SSL, make sure that the session is kept. As we're moving from a non-secure to secure environment, it's safe
321dae5d · Marcin Bunsch and Przemek Dąbek · Marcin Bunsch · e927f06b · 321dae5d · 321dae5d
Showing with 38 addition and 1 deletion

actionpack/lib/action_controller/metal/force_ssl.rb actionpack/lib/action_controller/metal/force_ssl.rb +1 -0

actionpack/test/controller/force_ssl_test.rb actionpack/test/controller/force_ssl_test.rb +37 -1

未找到文件。
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -29,6 +29,7 @@ def force_ssl(options = {})
          if !request.ssl? && !Rails.env.development?
            redirect_options = {:protocol => 'https://', :status => :moved_permanently}
            redirect_options.merge!(:host => host) if host
+            flash.keep
            redirect_to redirect_options
          end
        end

--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -26,6 +26,23 @@ class ForceSSLExceptAction < ForceSSLController
  force_ssl :except => :banana
 end

+class ForceSSLFlash < ForceSSLController
+  force_ssl :except => [:banana, :set_flash, :use_flash]
+
+  def set_flash
+    flash["that"] = "hello"
+    redirect_to '/force_ssl_flash/cheeseburger'
+  end
+
+  def use_flash
+    @flash_copy = {}.update flash
+    @flashy = flash["that"]
+    render :inline => "hello"
+  end
+
+end
+
+
 class ForceSSLControllerLevelTest < ActionController::TestCase
  tests ForceSSLControllerLevel

@@ -50,7 +67,7 @@ def test_banana_redirects_to_https_with_custom_host
    assert_response 301
    assert_equal "https://secure.test.host/force_ssl_custom_domain/banana", redirect_to_url
  end
-  
+
  def test_cheeseburger_redirects_to_https_with_custom_host
    get :cheeseburger
    assert_response 301
@@ -101,3 +118,22 @@ def test_development_environment_not_redirects_to_https
    assert_response 200
  end
 end
+
+class ForceSSLFlashTest < ActionController::TestCase
+  tests ForceSSLFlash
+
+  def test_cheeseburger_redirects_to_https
+    get :set_flash
+    assert_response 302
+    assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+    get :cheeseburger
+    assert_response 301
+    assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+    get :use_flash
+    assert_equal "hello", assigns["flash_copy"]["that"]
+    assert_equal "hello", assigns["flashy"]
+  end
+
+end