From 46ae2b18ea2808eccf3894570dbec46bdb569652 Mon Sep 17 00:00:00 2001
From: Catherine Khuu <catherine.khuu@plated.com>
Date: Thu, 15 Mar 2018 17:29:21 -0400
Subject: Check exclude before flagging cookies as secure in
 ActionDispatch::SSL (#32262)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Check exclude before flagging cookies as secure.

* Update comments in ActionDispatch::SSL.

[Catherine Khuu + Rafael Mendonça França]
---
 actionpack/test/dispatch/ssl_test.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'actionpack/test/dispatch')

diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
index 90f2ee46ea..baf46e7c7e 100644
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -208,6 +208,14 @@ class SecureCookiesTest < SSLTest
     assert_cookies(*DEFAULT.split("\n"))
   end
 
+  def test_cookies_as_not_secure_with_exclude
+    excluding = { exclude: -> request { request.domain =~ /example/ } }
+    get headers: { "Set-Cookie" => DEFAULT }, ssl_options: { redirect: excluding }
+
+    assert_cookies(*DEFAULT.split("\n"))
+    assert_response :ok
+  end
+
   def test_no_cookies
     get
     assert_nil response.headers["Set-Cookie"]
-- 
cgit v1.2.3