diff options
| author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2013-06-24 14:20:40 -0700 |
|---|---|---|
| committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2013-06-24 14:20:40 -0700 |
| commit | a6dd2ed4af09b7969612c0aac2218795cd5d8370 (patch) | |
| tree | cb90f7e3f0734639c16f65abd79eae0402597d09 /actionpack/test | |
| parent | 035e2976d0d85106fe6f613373fab18497498671 (diff) | |
| parent | d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79 (diff) | |
| download | rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.tar.gz rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.tar.bz2 rails-a6dd2ed4af09b7969612c0aac2218795cd5d8370.zip | |
Merge pull request #11065 from gbuesing/hstsfix
ActionDispatch:SSL: don't include STS header in non-https responses
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/dispatch/ssl_test.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index a9bea7ea73..881a8474e1 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -37,6 +37,11 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Strict-Transport-Security'] end + def test_no_hsts_with_insecure_connection + get "http://example.org/" + assert_not response.headers['Strict-Transport-Security'] + end + def test_hsts_header self.app = ActionDispatch::SSL.new(default_app, :hsts => true) get "https://example.org/" |