diff options
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/ssl.rb | 3 | ||||
| -rw-r--r-- | actionpack/test/dispatch/ssl_test.rb | 5 |
2 files changed, 6 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index 9e03cbf2b7..68ced4e40c 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -36,8 +36,7 @@ module ActionDispatch url.scheme = "https" url.host = @host if @host url.port = @port if @port - headers = hsts_headers.merge('Content-Type' => 'text/html', - 'Location' => url.to_s) + headers = { 'Content-Type' => 'text/html', 'Location' => url.to_s } [301, headers, []] end diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index a9bea7ea73..881a8474e1 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -37,6 +37,11 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Strict-Transport-Security'] end + def test_no_hsts_with_insecure_connection + get "http://example.org/" + assert_not response.headers['Strict-Transport-Security'] + end + def test_hsts_header self.app = ActionDispatch::SSL.new(default_app, :hsts => true) get "https://example.org/" |