Restore cookie store httponly default to true. Remove extraneous dup of options on initialization [#1784 state:resolved]
Signed-off-by: Joshua Peek <josh@joshpeek.com>
parent
9cefd5ea0c
commit
c090e5e075
|
@ -45,7 +45,7 @@ module ActionController
|
|||
:domain => nil,
|
||||
:path => "/",
|
||||
:expire_after => nil,
|
||||
:httponly => false
|
||||
:httponly => true
|
||||
}.freeze
|
||||
|
||||
ENV_SESSION_KEY = "rack.session".freeze
|
||||
|
@ -56,8 +56,6 @@ module ActionController
|
|||
class CookieOverflow < StandardError; end
|
||||
|
||||
def initialize(app, options = {})
|
||||
options = options.dup
|
||||
|
||||
# Process legacy CGI options
|
||||
options = options.symbolize_keys
|
||||
if options.has_key?(:session_path)
|
||||
|
|
|
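Review bot: The `:httponly => true` entry in the defaults hash carries no comment explaining why it must stay on, and the commit title says the default is being restored, so it has apparently regressed once already. A one-line comment above the entry would make the intent hard to miss: `# HttpOnly keeps the session cookie out of reach of document.cookie; pass :httponly => false only when client script must read it`. The hash opens above the first hunk, so check that the comment fits whatever documentation already precedes it.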
@ -94,7 +94,7 @@ class CookieStoreTest < ActionController::IntegrationTest
|
|||
with_test_route_set do
|
||||
get '/set_session_value'
|
||||
assert_response :success
|
||||
assert_equal ["_myapp_session=#{response.body}; path=/"],
|
||||
assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
|
||||
headers['Set-Cookie']
|
||||
end
|
||||
end
|
||||
|
@ -148,7 +148,7 @@ class CookieStoreTest < ActionController::IntegrationTest
|
|||
get '/set_session_value'
|
||||
assert_response :success
|
||||
session_payload = response.body
|
||||
assert_equal ["_myapp_session=#{response.body}; path=/"],
|
||||
assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
|
||||
headers['Set-Cookie']
|
||||
|
||||
get '/call_reset_session'
|
||||
|
|
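Review bot: Both updated assertions pin only the new default (`path=/; httponly`); nothing in the visible hunks exercises the opt-out path. Add a case that configures the store with `:httponly => false` and asserts that the `Set-Cookie` header is exactly `_myapp_session=#{response.body}; path=/`, so that both directions of the option are covered and a future change to the defaults cannot silently alter either. In the last hunk the test continues past `get '/call_reset_session'` outside the view; if it checks the cookie issued after the reset, that assertion should expect the `httponly` attribute as well.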