Deprecate ActionController::Response#set_cookie :http_only option infavor of :httponly

3 files changed, 5 insertions, 2 deletions

diff --git a/actionpack/lib/action_controller/cookies.rb b/actionpack/lib/action_controller/cookies.rb
index 840ceb5abd..ca380e98d0 100644
--- a/actionpack/lib/action_controller/cookies.rb
+++ b/actionpack/lib/action_controller/cookies.rb
@@ -41,7 +41,7 @@ module ActionController #:nodoc:
   # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
   # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
   #   Default is +false+.
-  # * <tt>:http_only</tt> - Whether this cookie is accessible via scripting or
+  # * <tt>:httponly</tt> - Whether this cookie is accessible via scripting or
   #   only HTTP. Defaults to +false+.
   module Cookies
     def self.included(base)
diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb
index 4533c12074..6659907975 100644
--- a/actionpack/lib/action_controller/response.rb
+++ b/actionpack/lib/action_controller/response.rb
@@ -169,6 +169,9 @@ module ActionController # :nodoc:
 
     def set_cookie(key, value)
       if value.has_key?(:http_only)
+        ActiveSupport::Deprecation.warn(
+          "The :http_only option in ActionController::Response#set_cookie " +
+          "has been renamed. Please use :httponly instead.", caller)
         value[:httponly] ||= value.delete(:http_only)
       end
 
diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb
index 9508348ca1..657be3c4e4 100644
--- a/actionpack/test/controller/cookie_test.rb
+++ b/actionpack/test/controller/cookie_test.rb
@@ -33,7 +33,7 @@ class CookieTest < ActionController::TestCase
     end
 
     def authenticate_with_http_only
-      cookies["user_name"] = { :value => "david", :http_only => true }
+      cookies["user_name"] = { :value => "david", :httponly => true }
     end
 
     def rescue_action(e)