kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Rename constrain_to to exclude.

Browse source 
`ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some.
The `constrain_to` option inverts this, so it sounds like the middleware
only handles a few requests, rather than the majority with a few routes to
opt out of the redirect.

Renaming to `exclude` matches this intent more closely.
This commit is contained in:
Kasper Timm Hansen 2016-03-03 21:09:58 +01:00
parent 2ef8a0e2b8
commit 493313228a
2 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
actionpack/lib/action_dispatch/middleware/ssl.rb
View file

@ -37,7 +37,7 @@ module ActionDispatch
#
# Redirection can be constrained to only whitelisted requests with `constrain_to`:
#
# config.ssl_options = { redirect: { constrain_to: -> request { request.path !~ /healthcheck/ } } }
# config.ssl_options = { redirect: { exclude: -> request { request.path =~ /healthcheck/ } } }
class SSL
# Default to 180 days, the low end for https://www.ssllabs.com/ssltest/
# and greater than the 18-week requirement for browser preload lists.
@ -59,7 +59,8 @@ module ActionDispatch
else
@redirect = redirect
end
@constrain_to = @redirect && @redirect[:constrain_to] || proc { @redirect }
@exclude = @redirect && @redirect[:exclude] || proc { !@redirect }
@secure_cookies = secure_cookies
if hsts != true && hsts != false && hsts[:subdomains].nil?
@ -84,7 +85,7 @@ module ActionDispatch
flag_cookies_as_secure! headers if @secure_cookies
end
else
return redirect_to_https request if @constrain_to.call(request)
return redirect_to_https request unless @exclude.call(request)
@app.call(env)
end
end

8
actionpack/test/dispatch/ssl_test.rb
View file

@ -39,11 +39,11 @@ class RedirectSSLTest < SSLTest
assert_equal redirect[:body].join, @response.body
end
test 'constrain to can avoid redirect' do
constraining = { constrain_to: -> request { request.path !~ /healthcheck/ } }
test 'exclude can avoid redirect' do
excluding = { exclude: -> request { request.path =~ /healthcheck/ } }
assert_not_redirected 'http://example.org/healthcheck', redirect: constraining
assert_redirected from: 'http://example.org/', redirect: constraining
assert_not_redirected 'http://example.org/healthcheck', redirect: excluding
assert_redirected from: 'http://example.org/', redirect: excluding
end
test 'https is not redirected' do