Check exclude before flagging cookies as secure in ActionDispatch::SSL (#32262)

* Check exclude before flagging cookies as secure. * Update comments in ActionDispatch::SSL. [Catherine Khuu + Rafael Mendonça França]
author: Catherine Khuu <catherine.khuu@plated.com> 2018-03-15 17:29:21 -0400
committer: Rafael França <rafaelmfranca@gmail.com> 2018-03-15 17:29:21 -0400
commit: 46ae2b18ea2808eccf3894570dbec46bdb569652 (patch)
tree: edf3272548f1874f455742c701e44086aa4cf15f /actionpack/test/dispatch
parent: 008538081b87940ad1a4fd29df730ec5d0421ee5 (diff)
download: rails-46ae2b18ea2808eccf3894570dbec46bdb569652.tar.gz
rails-46ae2b18ea2808eccf3894570dbec46bdb569652.tar.bz2
rails-46ae2b18ea2808eccf3894570dbec46bdb569652.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
index 90f2ee46ea..baf46e7c7e 100644
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -208,6 +208,14 @@ class SecureCookiesTest < SSLTest
     assert_cookies(*DEFAULT.split("\n"))
   end
 
+  def test_cookies_as_not_secure_with_exclude
+    excluding = { exclude: -> request { request.domain =~ /example/ } }
+    get headers: { "Set-Cookie" => DEFAULT }, ssl_options: { redirect: excluding }
+
+    assert_cookies(*DEFAULT.split("\n"))
+    assert_response :ok
+  end
+
   def test_no_cookies
     get
     assert_nil response.headers["Set-Cookie"]
author	Catherine Khuu <catherine.khuu@plated.com>	2018-03-15 17:29:21 -0400
committer	Rafael França <rafaelmfranca@gmail.com>	2018-03-15 17:29:21 -0400
commit	46ae2b18ea2808eccf3894570dbec46bdb569652 (patch)
tree	edf3272548f1874f455742c701e44086aa4cf15f /actionpack/test/dispatch
parent	008538081b87940ad1a4fd29df730ec5d0421ee5 (diff)
download	rails-46ae2b18ea2808eccf3894570dbec46bdb569652.tar.gz rails-46ae2b18ea2808eccf3894570dbec46bdb569652.tar.bz2 rails-46ae2b18ea2808eccf3894570dbec46bdb569652.zip