Merge pull request #20559 from mtsmfm/fix-header-modification-by-ssl
ActionDispatch::SSL should keep original header's behavior
This commit is contained in:
commit
db62081235
@ -22,7 +22,7 @@ def call(env)
|
||||
|
||||
if request.ssl?
|
||||
status, headers, body = @app.call(env)
|
||||
headers = hsts_headers.merge(headers)
|
||||
headers.reverse_merge!(hsts_headers)
|
||||
flag_cookies_as_secure!(headers)
|
||||
[status, headers, body]
|
||||
else
|
||||
|
@ -216,4 +216,15 @@ def test_redirect_to_secure_subdomain_when_on_deep_subdomain
|
||||
assert_equal "https://example.co.uk/path?key=value",
|
||||
response.headers['Location']
|
||||
end
|
||||
|
||||
def test_keeps_original_headers_behavior
|
||||
headers = Rack::Utils::HeaderHash.new(
|
||||
"Content-Type" => "text/html",
|
||||
"Connection" => ["close"]
|
||||
)
|
||||
self.app = ActionDispatch::SSL.new(lambda { |env| [200, headers, ["OK"]] })
|
||||
|
||||
get "https://example.org/"
|
||||
assert_equal "close", response.headers["Connection"]
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user