Merge pull request #11069 from ykzts/actiondispatch-ssl-secure-flag-igonore-case

Flag cookies as secure with ignore case in ActionDispatch::SSL
2022-11-09 12:12:34 -05:00 · 2013-06-24 14:24:03 -07:00 · 2013-06-24 14:24:03 -07:00 · d6bc2fa5a9
commit d6bc2fa5a9
parent a6dd2ed4af 891fd78cd7
2 changed files with 15 additions and 1 deletions
--- a/actionpack/lib/action_dispatch/middleware/ssl.rb
+++ b/actionpack/lib/action_dispatch/middleware/ssl.rb
@ -57,7 +57,7 @@ module ActionDispatch
          cookies = cookies.split("\n")

          headers['Set-Cookie'] = cookies.map { |cookie|
-            if cookie !~ /;\s+secure(;|$)/
+            if cookie !~ /;\s+secure(;|$)/i
              "#{cookie}; secure"
            else
              cookie
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@ -124,6 +124,20 @@ class SSLTest < ActionDispatch::IntegrationTest
      response.headers['Set-Cookie'].split("\n")
  end

+  def test_flag_cookies_as_secure_with_ignore_case
+    self.app = ActionDispatch::SSL.new(lambda { |env|
+      headers = {
+        'Content-Type' => "text/html",
+        'Set-Cookie' => "problem=def; path=/; Secure; HttpOnly"
+      }
+      [200, headers, ["OK"]]
+    })
+
+    get "https://example.org/"
+    assert_equal ["problem=def; path=/; Secure; HttpOnly"],
+      response.headers['Set-Cookie'].split("\n")
+  end
+
  def test_no_cookies
    self.app = ActionDispatch::SSL.new(lambda { |env|
      [200, {'Content-Type' => "text/html"}, ["OK"]]