README

Path: README
Last Update: Mon Feb 26 15:36:58 -0600 2007

RefreshTo

===

RefreshTo provides a way to redirect from a secure (SSL) page to an insecure page, without seeing an annoying security warning in some browsers. It adds two methods to your controllers: refresh_to and refresh_back_or_default.

Install with:

  script/plugin install svn://rubyforge.org/var/svn/refresh-to/trunk refresh_to

That‘s it. You now have a refresh_to method that acts just like redirect_to.

(Technical details: when using a HTTP 302 redirect from a secure page to an insecure page in IE6, a security warning is displayed. The workaround is to render a simple intermediate html page with a meta refresh to the target page instead of using a HTTP redirect. The refresh_to methods implement this inline so that no view file needs to be created. Use it just like the redirect_to method.)

The refresh_to method only needs to be used when redirecting from a secure page to an insecure page. This often happens after a user signs in or after a credit card is processed.

refresh_to (and refresh_back_or_default) accept a URL as a string, a named route, or a hash. Examples:

 * refresh_to('/users/profile')
 * refresh_to(user_profile_url)
 * refresh_to(:controller => "users", :action => "profile")

Example:

  def signin
    # Check login credentials
    if valid_login?(params[:user])
      # Redirect the user to his or her profile page
      flash[:notice] = "Welcome back!"
      # example using a hash
      refresh_to(:controller => "users", :action => "profile")
    else
      # Redirect the user back to the login page
      flash[:notice] = "Invalid username or password"
      # example using a named route
      refresh_to(login_url)
    end
  end

Also adds a Test::Unit assertion: assert_refreshed_to. This assertion works just like assert_redirected_to, but corresponds to the refresh_to method.

Example:

  def test_valid_signin
    get :signin, :user => valid_user_params

    # Note that you are asserting a :success (200), not a :redirect (302)
    assert_response :success
    assert_refreshed_to :controller => "users", :action => "profile"
  end

Copyright (c) 2007 Jonathan Dahl and Slantwise Design. Released under the MIT license.

[Validate]