diff options
author | José Valim <jose.valim@gmail.com> | 2012-01-12 20:46:54 +0100 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2012-01-13 19:54:37 +0100 |
commit | d6933a1e9fdce873e5540813f4d44d313b6d363d (patch) | |
tree | 3204537829e33cf1261f62106ee2ce1dd8823328 /railties | |
parent | d393e46149d4fd4f02625d471bef3f9aa049c133 (diff) | |
download | rails-d6933a1e9fdce873e5540813f4d44d313b6d363d.tar.gz rails-d6933a1e9fdce873e5540813f4d44d313b6d363d.tar.bz2 rails-d6933a1e9fdce873e5540813f4d44d313b6d363d.zip |
config.force_ssl should mark the session as secure.
Diffstat (limited to 'railties')
-rw-r--r-- | railties/lib/rails/application.rb | 3 | ||||
-rw-r--r-- | railties/test/application/middleware/session_test.rb | 30 |
2 files changed, 33 insertions, 0 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 7103dad1f3..1314966044 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -258,6 +258,9 @@ module Rails middleware.use ::ActionDispatch::Cookies if config.session_store + if config.force_ssl && !config.session_options.key?(:secure) + config.session_options[:secure] = true + end middleware.use config.session_store, config.session_options middleware.use ::ActionDispatch::Flash end diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb new file mode 100644 index 0000000000..f4e77ee244 --- /dev/null +++ b/railties/test/application/middleware/session_test.rb @@ -0,0 +1,30 @@ +# encoding: utf-8 +require 'isolation/abstract_unit' +require 'rack/test' + +module ApplicationTests + class MiddlewareSessionTest < ActiveSupport::TestCase + include ActiveSupport::Testing::Isolation + include Rack::Test::Methods + + def setup + build_app + boot_rails + FileUtils.rm_rf "#{app_path}/config/environments" + end + + def teardown + teardown_app + end + + def app + @app ||= Rails.application + end + + test "config.force_ssl sets cookie to secure only" do + add_to_config "config.force_ssl = true" + require "#{app_path}/config/environment" + assert app.config.session_options[:secure], "Expected session to be marked as secure" + end + end +end |