Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

use status 307 for anything but GET or HEAD

  • Loading branch information...
commit f6afd3ee4c7d14296799f2ab8f55cf75aa7d2c77 1 parent e07a9de
@rkh rkh authored
Showing with 37 additions and 1 deletion.
  1. +2 −1  lib/rack/ssl.rb
  2. +35 −0 test/test_ssl.rb
View
3  lib/rack/ssl.rb
@@ -50,10 +50,11 @@ def redirect_to_https(env)
url = URI(req.url)
url.scheme = "https"
url.host = @host if @host
+ status = %w[GET HEAD].include?(req.request_method) ? 301 : 307
headers = hsts_headers.merge('Content-Type' => 'text/html',
'Location' => url.to_s)
- [301, headers, []]
+ [status, headers, []]
end
# http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
View
35 test/test_ssl.rb
@@ -137,4 +137,39 @@ def test_redirect_to_secure_subdomain_when_on_deep_subdomain
assert_equal "https://example.co.uk/path?key=value",
last_response.headers['Location']
end
+
+ def test_status_get
+ get "http://example.org/"
+ assert_equal 301, last_response.status
+ end
+
+ def test_status_head
+ head "http://example.org/"
+ assert_equal 301, last_response.status
+ end
+
+ def test_status_options
+ options "http://example.org/"
+ assert_equal 307, last_response.status
+ end
+
+ def test_status_post
+ post "http://example.org/"
+ assert_equal 307, last_response.status
+ end
+
+ def test_status_put
+ put "http://example.org/"
+ assert_equal 307, last_response.status
+ end
+
+ def test_status_delete
+ delete "http://example.org/"
+ assert_equal 307, last_response.status
+ end
+
+ def test_status_patch
+ patch "http://example.org/"
+ assert_equal 307, last_response.status
+ end
end
Please sign in to comment.
Something went wrong with that request. Please try again.