Flexible configuration for ActionDispatch::SSL

1 files changed, 8 insertions, 1 deletions

diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb
index 25eadfc387..f847e80471 100644
--- a/railties/test/application/middleware/session_test.rb
+++ b/railties/test/application/middleware/session_test.rb
@@ -20,12 +20,19 @@ module ApplicationTests
       @app ||= Rails.application
     end
 
-    test "config.force_ssl sets cookie to secure only" do
+    test "config.force_ssl sets cookie to secure only by default" do
       add_to_config "config.force_ssl = true"
       require "#{app_path}/config/environment"
       assert app.config.session_options[:secure], "Expected session to be marked as secure"
     end
 
+    test "config.force_ssl doesn't set cookie to secure only when changed from default" do
+      add_to_config "config.force_ssl = true"
+      add_to_config "config.ssl_options = { secure_cookies: false }"
+      require "#{app_path}/config/environment"
+      assert !app.config.session_options[:secure]
+    end
+
     test "session is not loaded if it's not used" do
       make_basic_app