diff options
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/ssl.rb | 36 |
1 files changed, 13 insertions, 23 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index 92f63ae1ef..c758110367 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -9,8 +9,8 @@ module ActionDispatch def initialize(app, options = {}) @app = app - @hsts = options[:hsts] - @hsts = {} if @hsts.nil? || @hsts == true + @hsts = options.fetch(:hsts, {}) + @hsts = {} if @hsts == true @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts @exclude = options[:exclude] @@ -19,33 +19,27 @@ module ActionDispatch end def call(env) - if @exclude && @exclude.call(env) - @app.call(env) - elsif scheme(env) == 'https' + return @app.call(env) if exclude?(env) + + request = Request.new(env) + + if request.ssl? status, headers, body = @app.call(env) headers = hsts_headers.merge(headers) flag_cookies_as_secure!(headers) [status, headers, body] else - redirect_to_https(env) + redirect_to_https(request) end end private - # Fixed in rack >= 1.3 - def scheme(env) - if env['HTTPS'] == 'on' - 'https' - elsif env['HTTP_X_FORWARDED_PROTO'] - env['HTTP_X_FORWARDED_PROTO'].split(',')[0] - else - env['rack.url_scheme'] - end + def exclude?(env) + @exclude && @exclude.call(env) end - def redirect_to_https(env) - req = Request.new(env) - url = URI(req.url) + def redirect_to_https(request) + url = URI(request.url) url.scheme = "https" url.host = @host if @host url.port = @port if @port @@ -68,11 +62,7 @@ module ActionDispatch def flag_cookies_as_secure!(headers) if cookies = headers['Set-Cookie'] - # Rack 1.1's set_cookie_header! will sometimes wrap - # Set-Cookie in an array - unless cookies.respond_to?(:to_ary) - cookies = cookies.split("\n") - end + cookies = cookies.split("\n") headers['Set-Cookie'] = cookies.map { |cookie| if cookie !~ /; secure(;|$)/ |