From 139bf55b26e3a415c11fcf631c2dead81bd9df67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 19 Mar 2012 16:26:52 -0300 Subject: Remove exclude option from ActionDispatch::SSL --- actionpack/lib/action_dispatch/middleware/ssl.rb | 7 ------- actionpack/test/dispatch/ssl_test.rb | 6 ------ 2 files changed, 13 deletions(-) diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index c758110367..39b27ecbf9 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -13,14 +13,11 @@ module ActionDispatch @hsts = {} if @hsts == true @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts - @exclude = options[:exclude] @host = options[:host] @port = options[:port] end def call(env) - return @app.call(env) if exclude?(env) - request = Request.new(env) if request.ssl? @@ -34,10 +31,6 @@ module ActionDispatch end private - def exclude?(env) - @exclude && @exclude.call(env) - end - def redirect_to_https(request) url = URI(request.url) url.scheme = "https" diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index b1463f31cf..f4cfa75501 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -31,12 +31,6 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Location'] end - def test_exclude_from_redirect - self.app = ActionDispatch::SSL.new(default_app, :exclude => lambda { |env| true }) - get "http://example.org/" - assert_response :success - end - def test_hsts_header_by_default get "https://example.org/" assert_equal "max-age=31536000", -- cgit v1.2.3 From 6e04a78462cc41160c094f79cb3433051c38369f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 19 Mar 2012 16:28:15 -0300 Subject: Fix secure cookies when there are more than one space before the secure keyword --- actionpack/lib/action_dispatch/middleware/ssl.rb | 2 +- actionpack/test/dispatch/ssl_test.rb | 28 ++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index 39b27ecbf9..9098f4e170 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -58,7 +58,7 @@ module ActionDispatch cookies = cookies.split("\n") headers['Set-Cookie'] = cookies.map { |cookie| - if cookie !~ /; secure(;|$)/ + if cookie !~ /;\s+secure(;|$)/ "#{cookie}; secure" else cookie diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index f4cfa75501..6f075a9074 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -84,6 +84,34 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Set-Cookie'].split("\n") end + def test_flag_cookies_as_secure_with_more_spaces_before + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/; HttpOnly; secure" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/; HttpOnly; secure"], + response.headers['Set-Cookie'].split("\n") + end + + def test_flag_cookies_as_secure_with_more_spaces_after + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/; secure; HttpOnly" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/; secure; HttpOnly"], + response.headers['Set-Cookie'].split("\n") + end + def test_no_cookies self.app = ActionDispatch::SSL.new(lambda { |env| [200, {'Content-Type' => "text/html"}, ["OK"]] -- cgit v1.2.3