59 lines
2.1 KiB
Ruby
59 lines
2.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "active_support/core_ext/hash/except"
|
|
require "active_support/core_ext/hash/slice"
|
|
|
|
module ActionController
|
|
# This module is deprecated in favor of +config.force_ssl+ in your environment
|
|
# config file. This will ensure all endpoints not explicitly marked otherwise
|
|
# will have all communication served over HTTPS.
|
|
module ForceSSL # :nodoc:
|
|
extend ActiveSupport::Concern
|
|
include AbstractController::Callbacks
|
|
|
|
ACTION_OPTIONS = [:only, :except, :if, :unless]
|
|
URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
|
|
REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
|
|
|
|
module ClassMethods # :nodoc:
|
|
def force_ssl(options = {})
|
|
ActiveSupport::Deprecation.warn(<<-MESSAGE.squish)
|
|
Controller-level `force_ssl` is deprecated and will be removed from
|
|
Rails 6.1. Please enable `config.force_ssl` in your environment
|
|
configuration to enable the ActionDispatch::SSL middleware to more
|
|
fully enforce that your application communicate over HTTPS. If needed,
|
|
you can use `config.ssl_options` to exempt matching endpoints from
|
|
being redirected to HTTPS.
|
|
MESSAGE
|
|
|
|
action_options = options.slice(*ACTION_OPTIONS)
|
|
redirect_options = options.except(*ACTION_OPTIONS)
|
|
before_action(action_options) do
|
|
force_ssl_redirect(redirect_options)
|
|
end
|
|
end
|
|
end
|
|
|
|
def force_ssl_redirect(host_or_options = nil)
|
|
unless request.ssl?
|
|
options = {
|
|
protocol: "https://",
|
|
host: request.host,
|
|
path: request.fullpath,
|
|
status: :moved_permanently,
|
|
}
|
|
|
|
if host_or_options.is_a?(Hash)
|
|
options.merge!(host_or_options)
|
|
elsif host_or_options
|
|
options[:host] = host_or_options
|
|
end
|
|
|
|
secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
|
|
flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
|
|
redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
|
|
end
|
|
end
|
|
end
|
|
end
|