Fix a force ssl redirection bug that occur when session store disabled.

2022-11-09 12:12:34 -05:00 · 2016-11-22 14:40:10 +09:00 · 2016-11-22 14:40:10 +09:00 · 28f8914962
commit 28f8914962
parent 6cd65861e9
2 changed files with 25 additions and 1 deletions
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@ -89,7 +89,7 @@ module ActionController
        end
        secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
-        flash.keep if respond_to?(:flash)
+        flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
        redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
      end
    end
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@ -92,6 +92,22 @@ class RedirectToSSL < ForceSSLController
  end
 end
 class RedirectToSSLIfSessionStoreDisabled < ForceSSLController
  def banana
    request.class_eval do
      alias_method :flash_origin, :flash
      undef_method :flash
    end
    force_ssl_redirect || render(plain: "monkey")
  ensure
    request.class_eval do
      alias_method :flash, :flash_origin
      undef_method :flash_origin
    end
  end
 end
 class ForceSSLControllerLevelTest < ActionController::TestCase
  def test_banana_redirects_to_https
    get :banana
@ -321,6 +337,14 @@ class RedirectToSSLTest < ActionController::TestCase
  end
 end
 class RedirectToSSLIfSessionStoreDisabledTest < ActionController::TestCase
  def test_banana_redirects_to_https_if_not_https_and_session_store_disabled
    get :banana
    assert_response 301
    assert_equal "https://test.host/redirect_to_ssl_if_session_store_disabled/banana", redirect_to_url
  end
 end
 class ForceSSLControllerLevelTest < ActionController::TestCase
  def test_no_redirect_websocket_ssl_request
    request.env["rack.url_scheme"] = "wss"