Last Update: Mon Feb 26 15:36:58 -0600 2007



RefreshTo provides a way to redirect from a secure (SSL) page to an insecure page, without seeing an annoying security warning in some browsers. It adds two methods to your controllers: refresh_to and refresh_back_or_default.

Install with:

  script/plugin install svn:// refresh_to

That‘s it. You now have a refresh_to method that acts just like redirect_to.

(Technical details: when using a HTTP 302 redirect from a secure page to an insecure page in IE6, a security warning is displayed. The workaround is to render a simple intermediate html page with a meta refresh to the target page instead of using a HTTP redirect. The refresh_to methods implement this inline so that no view file needs to be created. Use it just like the redirect_to method.)

The refresh_to method only needs to be used when redirecting from a secure page to an insecure page. This often happens after a user signs in or after a credit card is processed.

refresh_to (and refresh_back_or_default) accept a URL as a string, a named route, or a hash. Examples:

 * refresh_to('/users/profile')
 * refresh_to(user_profile_url)
 * refresh_to(:controller => "users", :action => "profile")


  def signin
    # Check login credentials
    if valid_login?(params[:user])
      # Redirect the user to his or her profile page
      flash[:notice] = "Welcome back!"
      # example using a hash
      refresh_to(:controller => "users", :action => "profile")
      # Redirect the user back to the login page
      flash[:notice] = "Invalid username or password"
      # example using a named route

Also adds a Test::Unit assertion: assert_refreshed_to. This assertion works just like assert_redirected_to, but corresponds to the refresh_to method.


  def test_valid_signin
    get :signin, :user => valid_user_params

    # Note that you are asserting a :success (200), not a :redirect (302)
    assert_response :success
    assert_refreshed_to :controller => "users", :action => "profile"

Copyright (c) 2007 Jonathan Dahl and Slantwise Design. Released under the MIT license.