I'd like to take advantage of the force_ssl
feature in rails 3.1rc4.
class ApplicationController < ActionController::Base
force_ssl
end
Problem is this breaks most/all of my existing RSpec controller specs. For example, this fails:
describe "GET 'index'" do
it "renders the Start page" do
get :index
response.should render_template 'index'
end
end
Instead of rendering the page the response is a 301 redirect to https://test.host/
.
How can I change my specs to simulate an HTTPS GET/POST?
And do I have to change each test manually or is there an easier way? (I realise I could invoke force_ssl
only in production, but that's not ideal. Really, I should be testing that force_ssl
does indeed redirect to https:// when expected.)
To instruct RSpec to make SSL requests in a controller spec use:
request.env['HTTPS'] = 'on'
In your example this looks like:
describe "GET 'index'" do
it "renders the Start page" do
request.env['HTTPS'] = 'on'
get :index
response.should render_template 'index'
end
end
For rspec 3 syntax, https://stackoverflow.com/a/28361428/1107433
get :index, protocol: 'https://'
There may be a slight different version that above code doesn't work. So use code below:
get:index, protocol: :https
For reference I'm currently running Rails 5.2.4 and RSpec 4.
The best solution as given in this answer is to change from using the _path
helper to using the _url
helper.
Then you can pass the protocol
param to generate the HTTPS URL:
get login_url(protocol: :https)
Note that you cannot pass protocol
to the _path
helper:
# NOTE: THIS IS WRONG. Doesn't work with the `_path` helper:
# get login_path(protocol: :https)
An alternative option given in carp's comment above is to pass the "HTTPS"
header with the fake request.
So if you're using strings/symbols or the _path
helper for the request path:
get login_path, headers: {"HTTPS" => "on"}
get '/login', headers: {"HTTPS" => "on"}
Here is carp's full comment:
For actual request specs (as opposed to the now deprecated controller specs), it works like this:
get "/path", headers: { "HTTPS" => "on" }
. The HTTPS header will be picked up by Rack::Request, telling everything down the line to consider the request to be an SSL/TLS one.
If you need SSL at all, anywhere in your application, you should use it everywhere in your application. Then all you need is to use the rack-ssl
gem and add the Rack::SSL
middleware to your config/environments/production.rb
. No additional testing needed; no breakage; problem solved.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.