From d8bf1f22ded16e37b3f18b942c8ae49ea79e3d79 Mon Sep 17 00:00:00 2001
From: Geoff Buesing <gbuesing@gmail.com>
Date: Sun, 23 Jun 2013 19:58:02 -0500
Subject: ActionDispatch:SSL: don't include STS header in non-https responses

---
 actionpack/test/dispatch/ssl_test.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'actionpack/test/dispatch/ssl_test.rb')

diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
index a9bea7ea73..881a8474e1 100644
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -37,6 +37,11 @@ class SSLTest < ActionDispatch::IntegrationTest
       response.headers['Strict-Transport-Security']
   end
 
+  def test_no_hsts_with_insecure_connection
+    get "http://example.org/"
+    assert_not response.headers['Strict-Transport-Security']
+  end
+
   def test_hsts_header
     self.app = ActionDispatch::SSL.new(default_app, :hsts => true)
     get "https://example.org/"
-- 
cgit v1.2.3