diff options
| author | José Valim <jose.valim@gmail.com> | 2012-03-19 12:40:41 -0700 |
|---|---|---|
| committer | José Valim <jose.valim@gmail.com> | 2012-03-19 12:40:41 -0700 |
| commit | ae977150e7beaa6a45960288acea3801b98639f7 (patch) | |
| tree | c6db5898cdbd709f10c02e6691600474d2d59335 /actionpack/lib/action_dispatch/middleware/ssl.rb | |
| parent | 09d884cd2cb8f49f0899864cd42649a3bf403872 (diff) | |
| parent | 6e04a78462cc41160c094f79cb3433051c38369f (diff) | |
| download | rails-ae977150e7beaa6a45960288acea3801b98639f7.tar.gz rails-ae977150e7beaa6a45960288acea3801b98639f7.tar.bz2 rails-ae977150e7beaa6a45960288acea3801b98639f7.zip | |
Merge pull request #5515 from rafaelfranca/remove-exclude
Remove exclude option from ActionDispatch::SSL and fix secure cookies
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware/ssl.rb')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/ssl.rb | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index c758110367..9098f4e170 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -13,14 +13,11 @@ module ActionDispatch @hsts = {} if @hsts == true @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts - @exclude = options[:exclude] @host = options[:host] @port = options[:port] end def call(env) - return @app.call(env) if exclude?(env) - request = Request.new(env) if request.ssl? @@ -34,10 +31,6 @@ module ActionDispatch end private - def exclude?(env) - @exclude && @exclude.call(env) - end - def redirect_to_https(request) url = URI(request.url) url.scheme = "https" @@ -65,7 +58,7 @@ module ActionDispatch cookies = cookies.split("\n") headers['Set-Cookie'] = cookies.map { |cookie| - if cookie !~ /; secure(;|$)/ + if cookie !~ /;\s+secure(;|$)/ "#{cookie}; secure" else cookie |