Fix a force ssl redirection bug that occur when session store disabled.

2022-11-09 12:12:34 -05:00 · 2016-11-22 14:40:10 +09:00 · 2016-11-22 14:40:10 +09:00 · 28f8914962
commit 28f8914962
parent 6cd65861e9
2 changed files with 25 additions and 1 deletions
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@ -89,7 +89,7 @@ module ActionController
        end

        secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
-        flash.keep if respond_to?(:flash)
+        flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
        redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
      end
    end
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@ -92,6 +92,22 @@ class RedirectToSSL < ForceSSLController
  end
 end

+class RedirectToSSLIfSessionStoreDisabled < ForceSSLController
+  def banana
+    request.class_eval do
+      alias_method :flash_origin, :flash
+      undef_method :flash
+    end
+
+    force_ssl_redirect || render(plain: "monkey")
+  ensure
+    request.class_eval do
+      alias_method :flash, :flash_origin
+      undef_method :flash_origin
+    end
+  end
+end
+
 class ForceSSLControllerLevelTest < ActionController::TestCase
  def test_banana_redirects_to_https
    get :banana
@ -321,6 +337,14 @@ class RedirectToSSLTest < ActionController::TestCase
  end
 end

+class RedirectToSSLIfSessionStoreDisabledTest < ActionController::TestCase
+  def test_banana_redirects_to_https_if_not_https_and_session_store_disabled
+    get :banana
+    assert_response 301
+    assert_equal "https://test.host/redirect_to_ssl_if_session_store_disabled/banana", redirect_to_url
+  end
+end
+
 class ForceSSLControllerLevelTest < ActionController::TestCase
  def test_no_redirect_websocket_ssl_request
    request.env["rack.url_scheme"] = "wss"