Flexible configuration for ActionDispatch::SSL

author: Tim Rogers <tim@gocardless.com> 2015-12-24 17:39:09 +0000
committer: Tim Rogers <tim@gocardless.com> 2015-12-29 13:07:51 +0000
commit: 32b1c90837570a69841e9ffccff513c74fb7a308 (patch)
tree: fe573189f19ecb5dc8e79b4462f264dce62313de /railties/lib/rails
parent: 468df261f8a123dec1d36b22136476ae3660e1fa (diff)
download: rails-32b1c90837570a69841e9ffccff513c74fb7a308.tar.gz
rails-32b1c90837570a69841e9ffccff513c74fb7a308.tar.bz2
rails-32b1c90837570a69841e9ffccff513c74fb7a308.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb
index ed6a1f82d3..4f1cc0703d 100644
--- a/railties/lib/rails/application/default_middleware_stack.rb
+++ b/railties/lib/rails/application/default_middleware_stack.rb
@@ -68,7 +68,7 @@ module Rails
           middleware.use ::ActionDispatch::Cookies unless config.api_only
 
           if !config.api_only && config.session_store
-            if config.force_ssl && !config.session_options.key?(:secure)
+            if config.force_ssl && config.ssl_options.fetch(:secure_cookies, true) && !config.session_options.key?(:secure)
               config.session_options[:secure] = true
             end
             middleware.use config.session_store, config.session_options
author	Tim Rogers <tim@gocardless.com>	2015-12-24 17:39:09 +0000
committer	Tim Rogers <tim@gocardless.com>	2015-12-29 13:07:51 +0000
commit	32b1c90837570a69841e9ffccff513c74fb7a308 (patch)
tree	fe573189f19ecb5dc8e79b4462f264dce62313de /railties/lib/rails
parent	468df261f8a123dec1d36b22136476ae3660e1fa (diff)
download	rails-32b1c90837570a69841e9ffccff513c74fb7a308.tar.gz rails-32b1c90837570a69841e9ffccff513c74fb7a308.tar.bz2 rails-32b1c90837570a69841e9ffccff513c74fb7a308.zip