Permalink
Browse files

Some refactoring and update ActionDispatch::SSL code to use the Rack …

…1.4.x
  • Loading branch information...
rafaelfranca committed Mar 17, 2012
1 parent 9ec63eb commit 041f4eec39712ac96aa1bf1fd3ed9f4cf7bac690
Showing with 13 additions and 37 deletions.
  1. +13 −23 actionpack/lib/action_dispatch/middleware/ssl.rb
  2. +0 −14 actionpack/test/dispatch/ssl_test.rb
@@ -9,8 +9,8 @@ def self.default_hsts_options
def initialize(app, options = {})
@app = app
- @hsts = options[:hsts]
- @hsts = {} if @hsts.nil? || @hsts == true
+ @hsts = options.fetch(:hsts, {})
+ @hsts = {} if @hsts == true
@hsts = self.class.default_hsts_options.merge(@hsts) if @hsts
@exclude = options[:exclude]
@@ -19,33 +19,27 @@ def initialize(app, options = {})
end
def call(env)
- if @exclude && @exclude.call(env)
- @app.call(env)
- elsif scheme(env) == 'https'
+ return @app.call(env) if exclude?(env)
+
+ request = Request.new(env)
+
+ if request.ssl?
status, headers, body = @app.call(env)
headers = hsts_headers.merge(headers)
flag_cookies_as_secure!(headers)
[status, headers, body]
else
- redirect_to_https(env)
+ redirect_to_https(request)
end
end
private
- # Fixed in rack >= 1.3
- def scheme(env)
- if env['HTTPS'] == 'on'
- 'https'
- elsif env['HTTP_X_FORWARDED_PROTO']
- env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
- else
- env['rack.url_scheme']
- end
+ def exclude?(env)
+ @exclude && @exclude.call(env)
end
- def redirect_to_https(env)
- req = Request.new(env)
- url = URI(req.url)
+ def redirect_to_https(request)
+ url = URI(request.url)
url.scheme = "https"
url.host = @host if @host
url.port = @port if @port
@@ -68,11 +62,7 @@ def hsts_headers
def flag_cookies_as_secure!(headers)
if cookies = headers['Set-Cookie']
- # Rack 1.1's set_cookie_header! will sometimes wrap
- # Set-Cookie in an array
- unless cookies.respond_to?(:to_ary)
- cookies = cookies.split("\n")
- end
+ cookies = cookies.split("\n")
headers['Set-Cookie'] = cookies.map { |cookie|
if cookie !~ /; secure(;|$)/
@@ -90,20 +90,6 @@ def test_flag_cookies_as_secure_at_end_of_line
response.headers['Set-Cookie'].split("\n")
end
- def test_legacy_array_headers
- self.app = ActionDispatch::SSL.new(lambda { |env|
- headers = {
- 'Content-Type' => "text/html",
- 'Set-Cookie' => ["id=1; path=/", "token=abc; path=/; HttpOnly"]
- }
- [200, headers, ["OK"]]
- })
-
- get "https://example.org/"
- assert_equal ["id=1; path=/; secure", "token=abc; path=/; HttpOnly; secure"],
- response.headers['Set-Cookie'].split("\n")
- end
-
def test_no_cookies
self.app = ActionDispatch::SSL.new(lambda { |env|
[200, {'Content-Type' => "text/html"}, ["OK"]]

0 comments on commit 041f4ee

Please sign in to comment.