From e9956ee8e8cb7e7957cc6061ea9fdca7380d478f Mon Sep 17 00:00:00 2001
From: Nick Martin <nim@meteor.com>
Date: Wed, 15 Aug 2012 22:30:15 -0700
Subject: [PATCH] Integrate force-ssl and absolute-url. Now when you add
 force-ssl, secure defaults to true in absolute-url.

---
 packages/absolute-url/url_common.js    |  7 ++++++-
 packages/absolute-url/url_tests.js     | 15 +++++++++++++++
 packages/force-ssl/force_ssl_common.js |  1 +
 packages/force-ssl/package.js          |  7 +++++++
 4 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 packages/force-ssl/force_ssl_common.js

diff --git a/packages/absolute-url/url_common.js b/packages/absolute-url/url_common.js
index 483f265f84..d1b123aa92 100644
--- a/packages/absolute-url/url_common.js
+++ b/packages/absolute-url/url_common.js
@@ -14,7 +14,12 @@
     if (path)
       url += path;
 
-    if (options.secure && /^http:/.test(url)) // startsWith(url, 'http:')
+    // turn http to http if secure option is set, and we're not talking
+    // to localhost.
+    if (options.secure &&
+        /^http:/.test(url) && // startsWith('http:')
+        !/http:\/\/localhost[:\/]/.test(url) && // doesn't match localhost
+        !/http:\/\/127\.0\.0\.1[:\/]/.test(url)) // or 127.0.0.1
       url = url.replace(/^http:/, 'https:');
 
     return url;
diff --git a/packages/absolute-url/url_tests.js b/packages/absolute-url/url_tests.js
index 6aebfd0bf1..e2e595180d 100644
--- a/packages/absolute-url/url_tests.js
+++ b/packages/absolute-url/url_tests.js
@@ -19,6 +19,21 @@ Tinytest.add("absolute-url - basics", function(test) {
   test.equal(Meteor.absoluteUrl('foo', {rootUrl: 'https://asdf.com',
                                          secure: false}),
              'https://asdf.com/foo');
+
+  test.equal(Meteor.absoluteUrl('foo', {rootUrl: 'http://localhost',
+                                         secure: true}),
+             'http://localhost/foo');
+  test.equal(Meteor.absoluteUrl('foo', {rootUrl: 'http://localhost:3000',
+                                         secure: true}),
+             'http://localhost:3000/foo');
+  test.equal(Meteor.absoluteUrl('foo', {rootUrl: 'https://localhost:3000',
+                                         secure: true}),
+             'https://localhost:3000/foo');
+  test.equal(Meteor.absoluteUrl('foo', {rootUrl: 'http://127.0.0.1:3000',
+                                         secure: true}),
+             'http://127.0.0.1:3000/foo');
+
+
 });
 
 
diff --git a/packages/force-ssl/force_ssl_common.js b/packages/force-ssl/force_ssl_common.js
new file mode 100644
index 0000000000..00b121f8b4
--- /dev/null
+++ b/packages/force-ssl/force_ssl_common.js
@@ -0,0 +1 @@
+_.extend(Meteor.absoluteUrl.defaultOptions, {secure: true});
diff --git a/packages/force-ssl/package.js b/packages/force-ssl/package.js
index 451e1795f9..90b5037578 100644
--- a/packages/force-ssl/package.js
+++ b/packages/force-ssl/package.js
@@ -7,6 +7,13 @@ Package.on_use(function (api) {
   // make sure we come after livedata, so we load after the sockjs
   // server has been instantiated.
   api.use('livedata', 'server');
+
+  // we don't really depend on absolute-url, but we do modify its
+  // behavior. If there were a way to say "if the other package is
+  // loaded, make sure we come after it", we should do that here.
+  api.use('absolute-url', ['client', 'server']);
+
+  api.add_files('force_ssl_common.js', ['client', 'server']);
   api.add_files('force_ssl_server.js', 'server');
 
   // Another thing we could do is add a force_ssl_client.js file that