Update documentation for force_ssl - closes #5023.

actionpack/CHANGELOG.md

 ## Rails 4.0.0 (unreleased) ##
 
+*   Don't ignore `force_ssl` in development. This is a change of behavior - use a `:if` condition to recreate the old behavior.
+
+        class AccountsController < ApplicationController
+          force_ssl :if => :ssl_configured?
+
+          def ssl_configured?
+            !Rails.env.development?
+          end
+        end
+
+    *Pat Allan*
+
 *   Adds support for the PATCH verb:
       * Request objects respond to `patch?`.
       * Routes have a new `patch` method, and understand `:patch` in the

actionpack/lib/action_controller/metal/force_ssl.rb

@@ -18,11 +18,24 @@ module ClassMethods
       # Force the request to this particular controller or specified actions to be
       # under HTTPS protocol.
       #
-      # Note that this method will not be effective on development environment.
+      # If you need to disable this for any reason (e.g. development) then you can use
+      # an +:if+ or +:unless+ condition.
+      #
+      #     class AccountsController < ApplicationController
+      #       force_ssl :if => :ssl_configured?
+      #
+      #       def ssl_configured?
+      #         !Rails.env.development?
+      #       end
+      #     end
       #
       # ==== Options
       # * <tt>only</tt>   - The callback should be run only for this action
       # * <tt>except<tt>  - The callback should be run for all actions except this action
+      # * <tt>if</tt>     - A symbol naming an instance method or a proc; the callback
+      #                     will be called only when it returns a true value.
+      # * <tt>unless</tt> - A symbol naming an instance method or a proc; the callback
+      #                     will be called only when it returns a false value.
       def force_ssl(options = {})
         host = options.delete(:host)
         before_filter(options) do