From 32b1c90837570a69841e9ffccff513c74fb7a308 Mon Sep 17 00:00:00 2001
From: Tim Rogers <tim@gocardless.com>
Date: Thu, 24 Dec 2015 17:39:09 +0000
Subject: Flexible configuration for ActionDispatch::SSL

---
 railties/lib/rails/application/default_middleware_stack.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'railties/lib/rails')

diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb
index ed6a1f82d3..4f1cc0703d 100644
--- a/railties/lib/rails/application/default_middleware_stack.rb
+++ b/railties/lib/rails/application/default_middleware_stack.rb
@@ -68,7 +68,7 @@ module Rails
           middleware.use ::ActionDispatch::Cookies unless config.api_only
 
           if !config.api_only && config.session_store
-            if config.force_ssl && !config.session_options.key?(:secure)
+            if config.force_ssl && config.ssl_options.fetch(:secure_cookies, true) && !config.session_options.key?(:secure)
               config.session_options[:secure] = true
             end
             middleware.use config.session_store, config.session_options
-- 
cgit v1.2.3