ActionDispatch:SSL: don't include STS header in non-https responses

author: Geoff Buesing <gbuesing@gmail.com> 2013-06-23 19:58:02 -0500
committer: Geoff Buesing <gbuesing@gmail.com> 2013-06-23 20:01:20 -0500
commit: d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79 (patch)
tree: 4e9ed751a5df9342c5ad59ad3646deee3034b83d /actionpack/test/dispatch/ssl_test.rb
parent: 11ac1e8a2ce9b12fce829088e1000328687d0cf4 (diff)
download: rails-d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79.tar.gz
rails-d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79.tar.bz2
rails-d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
index a9bea7ea73..881a8474e1 100644
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -37,6 +37,11 @@ class SSLTest < ActionDispatch::IntegrationTest
       response.headers['Strict-Transport-Security']
   end
 
+  def test_no_hsts_with_insecure_connection
+    get "http://example.org/"
+    assert_not response.headers['Strict-Transport-Security']
+  end
+
   def test_hsts_header
     self.app = ActionDispatch::SSL.new(default_app, :hsts => true)
     get "https://example.org/"
author	Geoff Buesing <gbuesing@gmail.com>	2013-06-23 19:58:02 -0500
committer	Geoff Buesing <gbuesing@gmail.com>	2013-06-23 20:01:20 -0500
commit	d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79 (patch)
tree	4e9ed751a5df9342c5ad59ad3646deee3034b83d /actionpack/test/dispatch/ssl_test.rb
parent	11ac1e8a2ce9b12fce829088e1000328687d0cf4 (diff)
download	rails-d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79.tar.gz rails-d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79.tar.bz2 rails-d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79.zip