kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Allow use of durations for ActionDispatch::SSL configuration

Browse source
This commit is contained in:
Andrew White 2013-01-04 16:14:24 +00:00
parent e752cb49f6
commit add4375a60
2 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_dispatch/middleware/ssl.rb
View file

@ -45,7 +45,7 @@ module ActionDispatch
# http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
def hsts_headers
if @hsts
value = "max-age=#{@hsts[:expires]}"
value = "max-age=#{@hsts[:expires].to_i}"
value += "; includeSubDomains" if @hsts[:subdomains]
{ 'Strict-Transport-Security' => value }
else

7
actionpack/test/dispatch/ssl_test.rb
View file

@ -57,6 +57,13 @@ class SSLTest < ActionDispatch::IntegrationTest
response.headers['Strict-Transport-Security']
end
def test_hsts_expires_with_duration
self.app = ActionDispatch::SSL.new(default_app, :hsts => { :expires => 1.year })
get "https://example.org/"
assert_equal "max-age=31557600",
response.headers['Strict-Transport-Security']
end
def test_hsts_include_subdomains
self.app = ActionDispatch::SSL.new(default_app, :hsts => { :subdomains => true })
get "https://example.org/"