From 32b1c90837570a69841e9ffccff513c74fb7a308 Mon Sep 17 00:00:00 2001
From: Tim Rogers <tim@gocardless.com>
Date: Thu, 24 Dec 2015 17:39:09 +0000
Subject: Flexible configuration for ActionDispatch::SSL

---
 railties/test/application/middleware/session_test.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'railties/test/application/middleware')

diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb
index 25eadfc387..f847e80471 100644
--- a/railties/test/application/middleware/session_test.rb
+++ b/railties/test/application/middleware/session_test.rb
@@ -20,12 +20,19 @@ module ApplicationTests
       @app ||= Rails.application
     end
 
-    test "config.force_ssl sets cookie to secure only" do
+    test "config.force_ssl sets cookie to secure only by default" do
       add_to_config "config.force_ssl = true"
       require "#{app_path}/config/environment"
       assert app.config.session_options[:secure], "Expected session to be marked as secure"
     end
 
+    test "config.force_ssl doesn't set cookie to secure only when changed from default" do
+      add_to_config "config.force_ssl = true"
+      add_to_config "config.ssl_options = { secure_cookies: false }"
+      require "#{app_path}/config/environment"
+      assert !app.config.session_options[:secure]
+    end
+
     test "session is not loaded if it's not used" do
       make_basic_app
 
-- 
cgit v1.2.3