Test an HTTPS (SSL) request in RSpec Rails
Question
I'd like to take advantage of the force_ssl feature in rails 3.1rc4.
class ApplicationController < ActionController::Base
force_ssl
end
Problem is this breaks most/all of my existing RSpec controller specs. For example, this fails:
describe "GET 'index'" do
it "renders the Start page" do
get :index
response.should render_template 'index'
end
end
Instead of rendering the page the response is a 301 redirect to https://test.host/ .
How can I change my specs to simulate an HTTPS GET/POST?
And do I have to change each test manually or is there an easier way? (I realise I could invoke force_ssl only in production, but that's not ideal. Really, I should be testing that force_ssl does indeed redirect to https:// when expected.)
4 answers
solution1
44 ACCPTED 2011-11-29 02:18:15
To instruct RSpec to make SSL requests in a controller spec use:
request.env['HTTPS'] = 'on'
In your example this looks like:
describe "GET 'index'" do
it "renders the Start page" do
request.env['HTTPS'] = 'on'
get :index
response.should render_template 'index'
end
end
solution2
2 2015-02-06 08:28:32
For rspec 3 syntax, https://stackoverflow.com/a/28361428/1107433
get :index, protocol: 'https://'
There may be a slight different version that above code doesn't work. So use code below:
get:index, protocol: :https
solution3
1 2020-06-24 10:31:38
For reference I'm currently running Rails 5.2.4 and RSpec 4.
The best solution as given in this answer is to change from using the _path helper to using the _url helper.
Then you can pass the protocol param to generate the HTTPS URL:
get login_url(protocol: :https)
Note that you cannot pass protocol to the _path helper:
# NOTE: THIS IS WRONG. Doesn't work with the `_path` helper:
# get login_path(protocol: :https)
An alternative option given in carp's comment above is to pass the "HTTPS" header with the fake request.
So if you're using strings/symbols or the _path helper for the request path:
get login_path, headers: {"HTTPS" => "on"}
get '/login', headers: {"HTTPS" => "on"}
Here is carp's full comment:
For actual request specs (as opposed to the now deprecated controller specs), it works like this:
get "/path", headers: { "HTTPS" => "on" }. The HTTPS header will be picked up by Rack::Request, telling everything down the line to consider the request to be an SSL/TLS one.
solution4
0 2011-07-22 03:16:25
If you need SSL at all, anywhere in your application, you should use it everywhere in your application. Then all you need is to use the rack-ssl gem and add the Rack::SSL middleware to your config/environments/production.rb . No additional testing needed; no breakage; problem solved.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.