author | Geoff Buesing <gbuesing@gmail.com> | 2013-06-23 19:58:02 -0500 |
---|---|---|
committer | Geoff Buesing <gbuesing@gmail.com> | 2013-06-23 20:01:20 -0500 |
commit | d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79 (patch) | |
tree | 4e9ed751a5df9342c5ad59ad3646deee3034b83d | |
parent | 11ac1e8a2ce9b12fce829088e1000328687d0cf4 (diff) | |
ActionDispatch:SSL: don't include STS header in non-https responses
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/ssl.rb | 3 | ||||
-rw-r--r-- | actionpack/test/dispatch/ssl_test.rb | 5 |
2 files changed, 6 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb
index 9e03cbf2b7..68ced4e40c 100644
--- a/actionpack/lib/action_dispatch/middleware/ssl.rb
+++ b/actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -36,8 +36,7 @@ module ActionDispatch
 url.scheme = "https"
 url.host = @host if @host
 url.port = @port if @port
- headers = hsts_headers.merge('Content-Type' => 'text/html',
- 'Location' => url.to_s)
+ headers = { 'Content-Type' => 'text/html', 'Location' => url.to_s }
 [301, headers, []]
 end
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
index a9bea7ea73..881a8474e1 100644
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -37,6 +37,11 @@ class SSLTest < ActionDispatch::IntegrationTest
 response.headers['Strict-Transport-Security']
 end
 
+ def test_no_hsts_with_insecure_connection
+ get "http://example.org/"
+ assert_not response.headers['Strict-Transport-Security']
+ end
+
 def test_hsts_header
 self.app = ActionDispatch::SSL.new(default_app, :hsts => true)
 get "https://example.org/" |
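Review bot: The new `headers = { 'Content-Type' => 'text/html', 'Location' => url.to_s }` line in the ssl.rb hunk drops the HSTS header from the plain-HTTP redirect without recording why, so a later cleanup could merge `hsts_headers` back in. A one-line comment above it would keep the reason next to the code: `# No Strict-Transport-Security here: RFC 6797 section 7.2 forbids sending it over non-secure transport, and user agents ignore it there.` The enclosing method starts and ends outside the hunk, so whether any other non-HTTPS response path still merges `hsts_headers` cannot be confirmed from these lines.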
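Review bot: `test_no_hsts_with_insecure_connection` in the ssl_test.rb hunk asserts only that the header is absent. It does not pin that the request went through the redirect branch, or that the header stays off when HSTS is explicitly configured. Adding `assert_response :redirect` after the `get` would tie the assertion to the code path this commit changes. A second variant that first sets `self.app = ActionDispatch::SSL.new(default_app, :hsts => true)`, as `test_hsts_header` does, would cover the configured case. The test class setup is outside the hunk, so the HSTS options of the default app are assumed here rather than visible.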