
use status 307 for anything but GET or HEAD

1 parent e07a9de commit f6afd3ee4c7d14296799f2ab8f55cf75aa7d2c77 @rkh rkh committed Jan 29, 2013
Showing with 37 additions and 1 deletion.
  1. +2 −1 lib/rack/ssl.rb
  2. +35 −0 test/test_ssl.rb
@@ -50,10 +50,11 @@ def redirect_to_https(env)
url = URI(req.url)
url.scheme = "https"
url.host = @host if @host
+ status = %w[GET HEAD].include?(req.request_method) ? 301 : 307
headers = hsts_headers.merge('Content-Type' => 'text/html',
'Location' => url.to_s)
- [301, headers, []]
+ [status, headers, []]
end
# http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
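Review bot: The 307 branch on the new `status` line makes a client replay the method and body over HTTPS, but the original POST/PUT/PATCH, including any credentials or form data, has already crossed the network in cleartext, and a transparent redirect hides that from whoever owns the `http://` form action or API URL. That trade-off deserves a comment above the line, for example `# 307 keeps method and body on redirect; the first request was still sent unencrypted, so callers should be fixed to use https directly`. The bare 301/307 literals would also read better as named constants. `redirect_to_https` starts above the hunk, so how `req` is built is not visible here.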
@@ -137,4 +137,39 @@ def test_redirect_to_secure_subdomain_when_on_deep_subdomain
assert_equal "https://example.co.uk/path?key=value",
last_response.headers['Location']
end
+
+ def test_status_get
+ get "http://example.org/"
+ assert_equal 301, last_response.status
+ end
+
+ def test_status_head
+ head "http://example.org/"
+ assert_equal 301, last_response.status
+ end
+
+ def test_status_options
+ options "http://example.org/"
+ assert_equal 307, last_response.status
+ end
+
+ def test_status_post
+ post "http://example.org/"
+ assert_equal 307, last_response.status
+ end
+
+ def test_status_put
+ put "http://example.org/"
+ assert_equal 307, last_response.status
+ end
+
+ def test_status_delete
+ delete "http://example.org/"
+ assert_equal 307, last_response.status
+ end
+
+ def test_status_patch
+ patch "http://example.org/"
+ assert_equal 307, last_response.status
+ end
end
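Review bot: The five 307 tests assert only the status code, so a regression that dropped or mangled `Location` on the non-GET/HEAD path would still pass. Adding `assert_equal "https://example.org/", last_response.headers['Location']` to at least `test_status_post` would cover it, assuming the default app these tests run against sets no host override; this matches the Location assertion style used just above. The seven methods differ only in verb and expected status and could be generated from a verb-to-status table. The test class begins outside the hunk.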
