Some refactoring and update ActionDispatch::SSL code to use the Rack 1.4.x

actionpack/lib/action_dispatch/middleware/ssl.rb

@@ -9,8 +9,8 @@ def self.default_hsts_options
     def initialize(app, options = {})
       @app = app
 
-      @hsts = options[:hsts]
-      @hsts = {} if @hsts.nil? || @hsts == true
+      @hsts = options.fetch(:hsts, {})
+      @hsts = {} if @hsts == true
       @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts
 
       @exclude = options[:exclude]
@@ -19,33 +19,27 @@ def initialize(app, options = {})
     end
 
     def call(env)
-      if @exclude && @exclude.call(env)
-        @app.call(env)
-      elsif scheme(env) == 'https'
+      return @app.call(env) if exclude?(env)
+
+      request = Request.new(env)
+
+      if request.ssl?
         status, headers, body = @app.call(env)
         headers = hsts_headers.merge(headers)
         flag_cookies_as_secure!(headers)
         [status, headers, body]
       else
-        redirect_to_https(env)
+        redirect_to_https(request)
       end
     end
 
     private
-      # Fixed in rack >= 1.3
-      def scheme(env)
-        if env['HTTPS'] == 'on'
-          'https'
-        elsif env['HTTP_X_FORWARDED_PROTO']
-          env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
-        else
-          env['rack.url_scheme']
-        end
+      def exclude?(env)
+        @exclude && @exclude.call(env)
       end
 
-      def redirect_to_https(env)
-        req        = Request.new(env)
-        url        = URI(req.url)
+      def redirect_to_https(request)
+        url        = URI(request.url)
         url.scheme = "https"
         url.host   = @host if @host
         url.port   = @port if @port
@@ -68,11 +62,7 @@ def hsts_headers
 
       def flag_cookies_as_secure!(headers)
         if cookies = headers['Set-Cookie']
-          # Rack 1.1's set_cookie_header! will sometimes wrap
-          # Set-Cookie in an array
-          unless cookies.respond_to?(:to_ary)
-            cookies = cookies.split("\n")
-          end
+          cookies = cookies.split("\n")
 
           headers['Set-Cookie'] = cookies.map { |cookie|
             if cookie !~ /; secure(;|$)/

actionpack/test/dispatch/ssl_test.rb

@@ -90,20 +90,6 @@ def test_flag_cookies_as_secure_at_end_of_line
       response.headers['Set-Cookie'].split("\n")
   end
 
-  def test_legacy_array_headers
-    self.app = ActionDispatch::SSL.new(lambda { |env|
-      headers = {
-        'Content-Type' => "text/html",
-        'Set-Cookie' => ["id=1; path=/", "token=abc; path=/; HttpOnly"]
-      }
-      [200, headers, ["OK"]]
-    })
-
-    get "https://example.org/"
-    assert_equal ["id=1; path=/; secure", "token=abc; path=/; HttpOnly; secure"],
-      response.headers['Set-Cookie'].split("\n")
-  end
-
   def test_no_cookies
     self.app = ActionDispatch::SSL.new(lambda { |env|
       [200, {'Content-Type' => "text/html"}, ["OK"]]