Permalink
Browse files

Allow use of durations for ActionDispatch::SSL configuration

  • Loading branch information...
1 parent e752cb4 commit add4375a603850518c93edc2b4d0334a80b5e73d @pixeltrix pixeltrix committed Jan 4, 2013
Showing with 8 additions and 1 deletion.
  1. +1 −1 actionpack/lib/action_dispatch/middleware/ssl.rb
  2. +7 −0 actionpack/test/dispatch/ssl_test.rb
View
2 actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -45,7 +45,7 @@ def redirect_to_https(request)
# http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
def hsts_headers
if @hsts
- value = "max-age=#{@hsts[:expires]}"
+ value = "max-age=#{@hsts[:expires].to_i}"
value += "; includeSubDomains" if @hsts[:subdomains]
{ 'Strict-Transport-Security' => value }
else
View
7 actionpack/test/dispatch/ssl_test.rb
@@ -57,6 +57,13 @@ def test_hsts_expires
response.headers['Strict-Transport-Security']
end
+ def test_hsts_expires_with_duration
+ self.app = ActionDispatch::SSL.new(default_app, :hsts => { :expires => 1.year })
+ get "https://example.org/"
+ assert_equal "max-age=31557600",
+ response.headers['Strict-Transport-Security']
+ end
+
def test_hsts_include_subdomains
self.app = ActionDispatch::SSL.new(default_app, :hsts => { :subdomains => true })
get "https://example.org/"

0 comments on commit add4375

Please sign in to comment.