diff options
| author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2015-06-14 15:10:30 -0500 |
|---|---|---|
| committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2015-06-14 15:10:30 -0500 |
| commit | db620812354c39b928d4ac6a8fc05437c54031cc (patch) | |
| tree | 73bbced2d70e5b9d4c084e6161499c9bbd39b386 /actionpack | |
| parent | 9e9cae7b37cdb489d64d58f2611cae7eb48e3a52 (diff) | |
| parent | bb0186cf5542bca1891e507774447588846f88d1 (diff) | |
| download | rails-db620812354c39b928d4ac6a8fc05437c54031cc.tar.gz rails-db620812354c39b928d4ac6a8fc05437c54031cc.tar.bz2 rails-db620812354c39b928d4ac6a8fc05437c54031cc.zip | |
Merge pull request #20559 from mtsmfm/fix-header-modification-by-ssl
ActionDispatch::SSL should keep original header's behavior
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/ssl.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/dispatch/ssl_test.rb | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index 0c7caef25d..7b3d8bcc5b 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -22,7 +22,7 @@ module ActionDispatch if request.ssl? status, headers, body = @app.call(env) - headers = hsts_headers.merge(headers) + headers.reverse_merge!(hsts_headers) flag_cookies_as_secure!(headers) [status, headers, body] else diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index 7ced41bc2e..017e9ba2dd 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -216,4 +216,15 @@ class SSLTest < ActionDispatch::IntegrationTest assert_equal "https://example.co.uk/path?key=value", response.headers['Location'] end + + def test_keeps_original_headers_behavior + headers = Rack::Utils::HeaderHash.new( + "Content-Type" => "text/html", + "Connection" => ["close"] + ) + self.app = ActionDispatch::SSL.new(lambda { |env| [200, headers, ["OK"]] }) + + get "https://example.org/" + assert_equal "close", response.headers["Connection"] + end end |