From d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79 Mon Sep 17 00:00:00 2001
From: Geoff Buesing <gbuesing@gmail.com>
Date: Sun, 23 Jun 2013 19:58:02 -0500
Subject: ActionDispatch:SSL: don't include STS header in non-https responses

---
 actionpack/lib/action_dispatch/middleware/ssl.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'actionpack/lib/action_dispatch/middleware')

diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb
index 9e03cbf2b7..68ced4e40c 100644
--- a/actionpack/lib/action_dispatch/middleware/ssl.rb
+++ b/actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -36,8 +36,7 @@ module ActionDispatch
         url.scheme = "https"
         url.host   = @host if @host
         url.port   = @port if @port
-        headers    = hsts_headers.merge('Content-Type' => 'text/html',
-                                        'Location'     => url.to_s)
+        headers    = { 'Content-Type' => 'text/html', 'Location' => url.to_s }
 
         [301, headers, []]
       end
-- 
cgit v1.2.3