SSL should not be disabled by default in any environment.

ab838900 · Pat Allan · Andrew White · ed988eec · ab838900 · ab838900
Showing with 1 addition and 15 deletion

actionpack/lib/action_controller/metal/force_ssl.rb actionpack/lib/action_controller/metal/force_ssl.rb +1 -1

actionpack/test/controller/force_ssl_test.rb actionpack/test/controller/force_ssl_test.rb +0 -14

未找到文件。
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -26,7 +26,7 @@ module ClassMethods
      def force_ssl(options = {})
        host = options.delete(:host)
        before_filter(options) do
-          if !request.ssl? && !Rails.env.development?
+          unless request.ssl?
            redirect_options = {:protocol => 'https://', :status => :moved_permanently}
            redirect_options.merge!(:host => host) if host
            redirect_options.merge!(:params => request.query_parameters)

--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -109,20 +109,6 @@ def test_cheeseburger_redirects_to_https
  end
 end

-class ForceSSLExcludeDevelopmentTest < ActionController::TestCase
-  tests ForceSSLControllerLevel
-
-  def setup
-    Rails.env.stubs(:development?).returns(false)
-  end
-
-  def test_development_environment_not_redirects_to_https
-    Rails.env.stubs(:development?).returns(true)
-    get :banana
-    assert_response 200
-  end
-end
-
 class ForceSSLFlashTest < ActionController::TestCase
  tests ForceSSLFlash