Merge branch '1.3.x'
Skip URI parsing Request#url
URI may fail to parse some legit URL paths
Merge pull request #31 from gomore/master
Handle bad URIs gracefully
Update test 404 -> 400
Handle bad URIs gracefully.
Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
the resulting exception. This creates an attack vector for XSS attacks.
As per spec, don't include STS header in non-https responses
use status 307 for anything but GET or HEAD
Revert "Merge pull request #7 from bartt/master"
This reverts commit 6a6c15d, reversing
changes made to 239e2d4.
- Add :port to options
Fix array set-cookie headers in rack 1.1
Split out the test.
Make sure a "secure" directive at the end of a cookie is noticed.
Change subdomain to host option
Add subdomain option to redirect to an ssl enabled subdomain
Add exclude option
Fix case when Set-Cookie header is nil
Allow HSTS header to be configured
Flag all cookies as secure
Add HSTS header
Redirect http to https