Configurable redirect and secure cookies for ActionDispatch::SSL #22826
This PR provides a greater degree of configurability to the middleware, allowing the secure cookies functionality and the redirect to be turned off, but defaulting to leaving them on (which, to be sure, is the sensible and secure default).
This change provides more flexibility for those who want it (e.g. in our setup we handle the redirect in nginx, and would prefer Rails not to do it) with no cost in terms of backwards compatibility or ease of use.
Thanks for the pull request, and welcome! The Rails team is excited to review your changes, and you should hear from @matthewd (or someone else) soon.
If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.
Please see the contribution instructions for more information.