Merge pull request #11065 from gbuesing/hstsfix

ActionDispatch:SSL: don't include STS header in non-https responses
author: Guillermo Iguaran <guilleiguaran@gmail.com> 2013-06-24 14:20:40 -0700
committer: Guillermo Iguaran <guilleiguaran@gmail.com> 2013-06-24 14:20:40 -0700
commit: a6dd2ed4af09b7969612c0aac2218795cd5d8370 (patch)
tree: cb90f7e3f0734639c16f65abd79eae0402597d09 /actionpack/test/dispatch
parent: 035e2976d0d85106fe6f613373fab18497498671 (diff)
parent: d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79 (diff)
download: rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.tar.gz
rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.tar.bz2
rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
index a9bea7ea73..881a8474e1 100644
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -37,6 +37,11 @@ class SSLTest < ActionDispatch::IntegrationTest
       response.headers['Strict-Transport-Security']
   end
 
+  def test_no_hsts_with_insecure_connection
+    get "http://example.org/"
+    assert_not response.headers['Strict-Transport-Security']
+  end
+
   def test_hsts_header
     self.app = ActionDispatch::SSL.new(default_app, :hsts => true)
     get "https://example.org/"
author	Guillermo Iguaran <guilleiguaran@gmail.com>	2013-06-24 14:20:40 -0700
committer	Guillermo Iguaran <guilleiguaran@gmail.com>	2013-06-24 14:20:40 -0700
commit	a6dd2ed4af09b7969612c0aac2218795cd5d8370 (patch)
tree	cb90f7e3f0734639c16f65abd79eae0402597d09 /actionpack/test/dispatch
parent	035e2976d0d85106fe6f613373fab18497498671 (diff)
parent	d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79 (diff)
download	rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.tar.gz rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.tar.bz2 rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.zip