diff --git a/app/policies/ssl_redirect_exclusion_policy.rb b/app/policies/ssl_redirect_exclusion_policy.rb
deleted file mode 100644
index 41f19dba046..00000000000
--- a/app/policies/ssl_redirect_exclusion_policy.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-# @note To be used in the environment configuration settings for excluding exempt request paths from SSL redirects
-# when `config.force_ssl = true`
-#
-# @example config/environments/production.rb
-#
-# Rails.application.configure do
-# config.force_ssl = true
-# config.ssl_options = { redirect: { exclude: SslRedirectExclusionPolicy } }
-# # etc.
-class SslRedirectExclusionPolicy
- EXEMPT_PATH_PATTERNS = [
- %r{^/api/docs/v3/},
- %r{^/api/metadata$},
- %r{^/health-check$},
- %r{^/idt/api/v1/},
- %r{^/idt/api/v2/},
- %r{^/pdfjs/}
- ].freeze
-
- # @param [ActionDispatch::Request] request
- # @return [TrueClass, FalseClass] true if request path is exempt from an SSL redirect
- def self.call(request)
- EXEMPT_PATH_PATTERNS.any? { |pattern| pattern =~ request.path }
- end
-end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index aa0fb4423fe..73bccf982ab 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -45,7 +45,6 @@
 
 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
 config.force_ssl = true
- config.ssl_options = { redirect: { exclude: SslRedirectExclusionPolicy } }
 
 # Use the lowest log level to ensure availability of diagnostic information
 # when problems arise.
diff --git a/spec/requests/ssl_redirects_spec.rb b/spec/requests/ssl_redirects_spec.rb
deleted file mode 100644
index 33c1b3d8412..00000000000
--- a/spec/requests/ssl_redirects_spec.rb
+++ /dev/null
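Review bot: With `config.ssl_options` removed from production.rb, `ActionDispatch::SSL` now redirects every plain-HTTP request, including the paths the deleted `SslRedirectExclusionPolicy` exempted (`/health-check`, `/api/metadata`, `/api/docs/v3/`, `/idt/api/v1/`, `/idt/api/v2/`, `/pdfjs/`). If the load balancer probes `/health-check` over HTTP it will receive a redirect instead of a 200 and may mark instances unhealthy, and non-browser IDT/API clients calling over HTTP will get a redirect that they may not follow; nothing in the hunk shows those callers already use HTTPS, so that should be confirmed before merge. Since the exemption list was explicit and tested, a short why-comment next to `config.force_ssl = true` would keep the rationale from being rediscovered the hard way: `# No redirect exemptions: health checks and API callers are expected to use HTTPS (former SslRedirectExclusionPolicy removed intentionally).` The enclosing `Rails.application.configure` block starts and ends outside the hunk.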
@@ -1,75 +0,0 @@
-# frozen_string_literal: true
-
-describe "SSL Redirects" do
- # `app` is what RSpec tests against in request specs, similar to `controller` in controller specs.
- # Here, we override it with our modified app.
- def app
- # Since `CaseflowCertification::Application` is already loaded at this stage, we can't modify the middleware stack,
- # so we subclass the application and adjust the relevant SSL config settings.
- @app ||= Class.new(Rails.application.class) do
- config.force_ssl = true
- config.ssl_options = { redirect: { exclude: SslRedirectExclusionPolicy } }
- end
- end
-
- before { allow(SslRedirectExclusionPolicy).to receive(:call).and_call_original }
-
- context "when request is not SSL" do
- context "when path matches '/api/docs/v3/'" do
- it "is exempt from SSL redirect" do
- get "/api/docs/v3/decision_reviews"
- expect(SslRedirectExclusionPolicy).to have_received(:call)
- expect(response).not_to have_http_status(:redirect)
- end
- end
-
- context "when path is '/api/metadata'" do
- it "is exempt from SSL redirect" do
- get "/api/metadata"
- expect(SslRedirectExclusionPolicy).to have_received(:call)
- expect(response).not_to have_http_status(:redirect)
- end
- end
-
- context "when path is '/health-check'" do
- it "is exempt from SSL redirect" do
- get "/health-check"
- expect(SslRedirectExclusionPolicy).to have_received(:call)
- expect(response).not_to have_http_status(:redirect)
- end
- end
-
- context "when path matches '/idt/api/v1/'" do
- it "is exempt from SSL redirect" do
- get "/idt/api/v1/appeals"
- expect(SslRedirectExclusionPolicy).to have_received(:call)
- expect(response).not_to have_http_status(:redirect)
- end
- end
-
- context "when path matches '/idt/api/v2/'" do
- it "is exempt from SSL redirect" do
- get "/idt/api/v2/appeals"
- expect(SslRedirectExclusionPolicy).to have_received(:call)
- expect(response).not_to have_http_status(:redirect)
- end
- end
-
- context "when path matches '/pdfjs/'" do
- it "is exempt from SSL redirect" do
- get "/pdfjs/full?file=%2Fcertifications%2F2774535%2Fform9_pdf"
- expect(SslRedirectExclusionPolicy).to have_received(:call)
- expect(response).not_to have_http_status(:redirect)
- end
- end
-
- context "when path is not exempt from SSL redirects" do
- it "is redirected with SSL" do
- get "/users"
- expect(SslRedirectExclusionPolicy).to have_received(:call)
-
- expect(response).to redirect_to("https://#{request.host}/users")
- end
- end
- end
-end