Skip to content
Browse files

Merge pull request #11069 from ykzts/actiondispatch-ssl-secure-flag-i…

…gonore-case

Flag cookies as secure with ignore case in ActionDispatch::SSL
  • Loading branch information...
1 parent 5941a0f commit 3ea80ade11ac73c50c36755bf1c2f98e099308c1 @guilleiguaran guilleiguaran committed Jun 24, 2013
Showing with 15 additions and 1 deletion.
  1. +1 −1 actionpack/lib/action_dispatch/middleware/ssl.rb
  2. +14 −0 actionpack/test/dispatch/ssl_test.rb
View
2 actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -58,7 +58,7 @@ def flag_cookies_as_secure!(headers)
cookies = cookies.split("\n")
headers['Set-Cookie'] = cookies.map { |cookie|
- if cookie !~ /;\s+secure(;|$)/
+ if cookie !~ /;\s+secure(;|$)/i
"#{cookie}; secure"
else
cookie
View
14 actionpack/test/dispatch/ssl_test.rb
@@ -119,6 +119,20 @@ def test_flag_cookies_as_secure_with_more_spaces_after
response.headers['Set-Cookie'].split("\n")
end
+ def test_flag_cookies_as_secure_with_ignore_case
+ self.app = ActionDispatch::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => "problem=def; path=/; Secure; HttpOnly"
+ }
+ [200, headers, ["OK"]]
+ })
+
+ get "https://example.org/"
+ assert_equal ["problem=def; path=/; Secure; HttpOnly"],
+ response.headers['Set-Cookie'].split("\n")
+ end
+
def test_no_cookies
self.app = ActionDispatch::SSL.new(lambda { |env|
[200, {'Content-Type' => "text/html"}, ["OK"]]

0 comments on commit 3ea80ad

Please sign in to comment.
Something went wrong with that request. Please try again.