author | Cody Fauser <codyfauser@gmail.com> | 2009-01-20 11:50:43 -0600 |
---|---|---|
committer | Joshua Peek <josh@joshpeek.com> | 2009-01-20 11:50:43 -0600 |
commit | c090e5e0755bea3a7cd7135329f8dae6094810b6 (patch) | |
tree | 82c49d137f7553f3fd069966192f0a0c8daa0a3a /actionpack | |
parent | 9cefd5ea0c21595d73762b5d60a760a3ed9fe8bf (diff) | |
Restore cookie store httponly default to true. Remove extraneous dup of options on initialization [#1784 state:resolved]
Signed-off-by: Joshua Peek <josh@joshpeek.com>
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/session/cookie_store.rb | 4 | ||||
-rw-r--r-- | actionpack/test/controller/session/cookie_store_test.rb | 4 |
2 files changed, 3 insertions, 5 deletions
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index e061c4d4a1..6ad6369950 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -45,7 +45,7 @@ module ActionController
 :domain => nil,
 :path => "/",
 :expire_after => nil,
- :httponly => false
+ :httponly => true
 }.freeze
 ENV_SESSION_KEY = "rack.session".freeze
@@ -56,8 +56,6 @@ module ActionController
 class CookieOverflow < StandardError; end
 def initialize(app, options = {})
- options = options.dup
-
 # Process legacy CGI options
 options = options.symbolize_keys
 if options.has_key?(:session_path)
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index d349c18d1d..b6a38f47aa 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -94,7 +94,7 @@ class CookieStoreTest < ActionController::IntegrationTest
 with_test_route_set do
 get '/set_session_value'
 assert_response :success
- assert_equal ["_myapp_session=#{response.body}; path=/"],
+ assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
 headers['Set-Cookie']
 end
 end
@@ -148,7 +148,7 @@ class CookieStoreTest < ActionController::IntegrationTest
 get '/set_session_value'
 assert_response :success
 session_payload = response.body
- assert_equal ["_myapp_session=#{response.body}; path=/"],
+ assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
 headers['Set-Cookie']
 get '/call_reset_session' |
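Review bot: The `:httponly => true` entry in DEFAULT_OPTIONS has no comment saying why it must stay on, and the commit title shows this default already had to be restored once. A one-line comment above the entry would make the security intent explicit, for example `# HttpOnly on by default so page scripts cannot read the session cookie`. The hash opens above the hunk, so whether a `:secure` default sits next to it cannot be checked from these lines.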
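Review bot: Dropping `options = options.dup` at the top of `initialize` is safe only because `options.symbolize_keys` on the following line returns a new Hash instead of changing its receiver, and nothing in the code records that. A comment on that line, such as `# symbolize_keys returns a copy, so the caller's hash is never mutated below`, would stop a later switch to `symbolize_keys!` from silently altering callers' option hashes. Neither test hunk in this commit pins the behaviour; a small case that passes a frozen options hash to the store would. The body of `initialize` continues past the end of the hunk.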
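Review bot: Both updated assertions (this hunk and the `@@ -148,7 +148,7 @@` hunk) exercise only the new default, so the explicit opt-out is untested as far as these hunks show. Assuming options passed to the store override DEFAULT_OPTIONS, a companion case configured with `:httponly => false` that asserts the header equals `"_myapp_session=#{response.body}; path=/"` would pin it and catch a default that overrides an explicit setting. The exact-string comparison also ties the tests to attribute order; checking the header against `/;\s*httponly/i` in a separate assertion would be less brittle.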