Allow use of durations for ActionDispatch::SSL configuration

2 files changed, 8 insertions, 1 deletions

diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb
index 9098f4e170..9e03cbf2b7 100644
--- a/actionpack/lib/action_dispatch/middleware/ssl.rb
+++ b/actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -45,7 +45,7 @@ module ActionDispatch
       # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
       def hsts_headers
         if @hsts
-          value = "max-age=#{@hsts[:expires]}"
+          value = "max-age=#{@hsts[:expires].to_i}"
           value += "; includeSubDomains" if @hsts[:subdomains]
           { 'Strict-Transport-Security' => value }
         else
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
index b4a39219bf..a9bea7ea73 100644
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -57,6 +57,13 @@ class SSLTest < ActionDispatch::IntegrationTest
       response.headers['Strict-Transport-Security']
   end
 
+  def test_hsts_expires_with_duration
+    self.app = ActionDispatch::SSL.new(default_app, :hsts => { :expires => 1.year })
+    get "https://example.org/"
+    assert_equal "max-age=31557600",
+      response.headers['Strict-Transport-Security']
+  end
+
   def test_hsts_include_subdomains
     self.app = ActionDispatch::SSL.new(default_app, :hsts => { :subdomains => true })
     get "https://example.org/"