Permalink
Browse files

Merge pull request #20559 from mtsmfm/fix-header-modification-by-ssl

ActionDispatch::SSL should keep original header's behavior
  • Loading branch information...
guilleiguaran committed Jun 14, 2015
2 parents 9e9cae7 + bb0186c commit db620812354c39b928d4ac6a8fc05437c54031cc
Showing with 12 additions and 1 deletion.
  1. +1 −1 actionpack/lib/action_dispatch/middleware/ssl.rb
  2. +11 −0 actionpack/test/dispatch/ssl_test.rb
@@ -22,7 +22,7 @@ def call(env)
if request.ssl?
status, headers, body = @app.call(env)
headers = hsts_headers.merge(headers)
headers.reverse_merge!(hsts_headers)
flag_cookies_as_secure!(headers)
[status, headers, body]
else
@@ -216,4 +216,15 @@ def test_redirect_to_secure_subdomain_when_on_deep_subdomain
assert_equal "https://example.co.uk/path?key=value",
response.headers['Location']
end
def test_keeps_original_headers_behavior
headers = Rack::Utils::HeaderHash.new(
"Content-Type" => "text/html",
"Connection" => ["close"]
)
self.app = ActionDispatch::SSL.new(lambda { |env| [200, headers, ["OK"]] })
get "https://example.org/"
assert_equal "close", response.headers["Connection"]
end
end

0 comments on commit db62081

Please sign in to comment.