From 068990b5f41f3814b85fd1a0cf7076e68ca9f336 Mon Sep 17 00:00:00 2001
From: Jason Yeo
Date: Mon, 5 Dec 2016 10:46:49 +0800
Subject: [PATCH 1/2] Add code to show call to vulnerable method
---
 Gemfile | 1 +
 app/helpers/application_helper.rb | 1 +
 2 files changed, 2 insertions(+)
diff --git a/Gemfile b/Gemfile
index 7a1bbe4..50057d8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -47,3 +47,4 @@ gem 'festivaltts4r', '0.2.0'
 gem 'spree', '3.0.7'
 gem 'authlogic', '1.4.3'
 gem 'devise_invitable', '1.3.4'
+gem 'rack-ssl', '1.0.0'
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index de6be79..7598fb7 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,2 +1,3 @@
 module ApplicationHelper
+ Rack::SSL.redirect_to_https
 end
From 87027bfda13069f7675861ec7e7313ef0b469a5d Mon Sep 17 00:00:00 2001
From: Jason Yeo
Date: Mon, 5 Dec 2016 11:00:04 +0800
Subject: [PATCH 2/2] Update gem lock file
---
 Gemfile.lock | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 9631435..ece6bbf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -198,6 +198,8 @@ GEM rabl (0.11.8) activesupport (>= 2.3.14) rack (1.6.4) + rack-ssl (1.0.0) + rack rack-test (0.6.3) rack (>= 1.0) rails (4.2.5)
@@ -361,6 +363,7 @@ DEPENDENCIES jquery-rails lingq puma + rack-ssl (= 1.0.0) rails (= 4.2.5) sinatra (= 1.1.4) spree (= 3.0.7)
@@ -372,4 +375,4 @@ DEPENDENCIES web-console BUNDLED WITH - 1.12.4 + 1.13.1
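Review bot: The added `gem 'rack-ssl', '1.0.0'` line in the Gemfile hunk pins an exact old release with nothing in the file saying why; only the commit subject hints that the version was chosen because it contains a vulnerable method. A comment above the line would keep a dependency-update bot or a later maintainer from silently bumping the pin, for example `# Intentionally pinned: scanner fixture, referenced from app/helpers/application_helper.rb`. The neighbouring exact pins in the same hunk (`spree`, `authlogic`, `devise_invitable`) are equally unexplained, so a single header comment for the group may be the better place.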
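Review bot: `Rack::SSL.redirect_to_https` in app/helpers/application_helper.rb sits directly in the module body, so it is evaluated once when ApplicationHelper is loaded rather than during a request, and it is sent to the class with no arguments. If `redirect_to_https` is, as I recall from rack-ssl, a private instance method that takes the Rack env, loading the helper would raise NoMethodError; that needs confirming against the pinned gem. If the line exists only so a static call-graph scanner sees the reference, say so next to it with `# Fixture: reference kept for call-graph analysis; not expected to run`. Wrapping it in a method such as `def ssl_redirect_fixture(env)` would also keep loading the module free of side effects.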