Deprecate ActionController::Response#set_cookie :http_only option infavor of :httponly

actionpack/lib/action_controller/cookies.rb

@@ -41,7 +41,7 @@ module ActionController #:nodoc:
   # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
   # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
   #   Default is +false+.
-  # * <tt>:http_only</tt> - Whether this cookie is accessible via scripting or
+  # * <tt>:httponly</tt> - Whether this cookie is accessible via scripting or
   #   only HTTP. Defaults to +false+.
   module Cookies
     def self.included(base)

actionpack/lib/action_controller/response.rb

@@ -169,6 +169,9 @@ module ActionController # :nodoc:
 
     def set_cookie(key, value)
       if value.has_key?(:http_only)
+        ActiveSupport::Deprecation.warn(
+          "The :http_only option in ActionController::Response#set_cookie " +
+          "has been renamed. Please use :httponly instead.", caller)
         value[:httponly] ||= value.delete(:http_only)
       end
 

actionpack/test/controller/cookie_test.rb

@@ -33,7 +33,7 @@ class CookieTest < ActionController::TestCase
     end
 
     def authenticate_with_http_only
-      cookies["user_name"] = { :value => "david", :http_only => true }
+      cookies["user_name"] = { :value => "david", :httponly => true }
     end
 
     def rescue_action(e)