提交
041f4eec
编写于
3月 16, 2012
作者:
Rafael Mendonça França
Some refactoring and update ActionDispatch::SSL code to use the Rack 1.4.x
上级
9ec63eb0
变更
2
Showing
2 changed file
with
13 addition
and
37 deletion
+13
-37
actionpack/lib/action_dispatch/middleware/ssl.rb
actionpack/lib/action_dispatch/middleware/ssl.rb
+13
-23
actionpack/test/dispatch/ssl_test.rb
actionpack/test/dispatch/ssl_test.rb
+0
-14
actionpack/lib/action_dispatch/middleware/ssl.rb
...
...
@@ -9,8 +9,8 @@ def self.default_hsts_options
def
initialize
(
app
,
options
=
{})
@app
=
app
@hsts
=
options
[
:hsts
]
@hsts
=
{}
if
@hsts
.
nil?
||
@hsts
==
true
@hsts
=
options
.
fetch
(
:hsts
,
{})
@hsts
=
{}
if
@hsts
==
true
@hsts
=
self
.
class
.
default_hsts_options
.
merge
(
@hsts
)
if
@hsts
@exclude
=
options
[
:exclude
]
...
...
@@ -19,33 +19,27 @@ def initialize(app, options = {})
end
def
call
(
env
)
if
@exclude
&&
@exclude
.
call
(
env
)
@app
.
call
(
env
)
elsif
scheme
(
env
)
==
'https'
return
@app
.
call
(
env
)
if
exclude?
(
env
)
request
=
Request
.
new
(
env
)
if
request
.
ssl?
status
,
headers
,
body
=
@app
.
call
(
env
)
headers
=
hsts_headers
.
merge
(
headers
)
flag_cookies_as_secure!
(
headers
)
[
status
,
headers
,
body
]
else
redirect_to_https
(
env
)
redirect_to_https
(
request
)
end
end
private
# Fixed in rack >= 1.3
def
scheme
(
env
)
if
env
[
'HTTPS'
]
==
'on'
'https'
elsif
env
[
'HTTP_X_FORWARDED_PROTO'
]
env
[
'HTTP_X_FORWARDED_PROTO'
].
split
(
','
)[
0
]
else
env
[
'rack.url_scheme'
]
end
def
exclude?
(
env
)
@exclude
&&
@exclude
.
call
(
env
)
end
def
redirect_to_https
(
env
)
req
=
Request
.
new
(
env
)
url
=
URI
(
req
.
url
)
def
redirect_to_https
(
request
)
url
=
URI
(
request
.
url
)
url
.
scheme
=
"https"
url
.
host
=
@host
if
@host
url
.
port
=
@port
if
@port
...
...
@@ -68,11 +62,7 @@ def hsts_headers
def
flag_cookies_as_secure!
(
headers
)
if
cookies
=
headers
[
'Set-Cookie'
]
# Rack 1.1's set_cookie_header! will sometimes wrap
# Set-Cookie in an array
unless
cookies
.
respond_to?
(
:to_ary
)
cookies
=
cookies
.
split
(
"
\n
"
)
end
cookies
=
cookies
.
split
(
"
\n
"
)
headers
[
'Set-Cookie'
]
=
cookies
.
map
{
|
cookie
|
if
cookie
!~
/; secure(;|$)/
...
...
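Review bot: In `initialize`, `options.fetch(:hsts, {})` falls back to `{}` only when the `:hsts` key is absent, so a caller passing `:hsts => nil` now leaves `@hsts` nil and the `default_hsts_options.merge` line is skipped, whereas the removed lines treated nil like `true`. If that is intended, document it next to the assignment, e.g. `# :hsts => nil or false disables HSTS; omit the key or pass true for the defaults`; if not, keep the nil case with `@hsts = {} if @hsts.nil? || @hsts == true`. A setting that is accidentally nil (an unset config value passed straight through) would presumably turn HSTS off without any error, which is a fail-open default for a security header. The body of `initialize` ends outside this hunk and `hsts_headers` is not shown, so the effect on the emitted header is inferred from the `if @hsts` guard.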
actionpack/test/dispatch/ssl_test.rb
...
...
@@ -90,20 +90,6 @@ def test_flag_cookies_as_secure_at_end_of_line
response
.
headers
[
'Set-Cookie'
].
split
(
"
\n
"
)
end
def
test_legacy_array_headers
self
.
app
=
ActionDispatch
::
SSL
.
new
(
lambda
{
|
env
|
headers
=
{
'Content-Type'
=>
"text/html"
,
'Set-Cookie'
=>
[
"id=1; path=/"
,
"token=abc; path=/; HttpOnly"
]
}
[
200
,
headers
,
[
"OK"
]]
})
get
"https://example.org/"
assert_equal
[
"id=1; path=/; secure"
,
"token=abc; path=/; HttpOnly; secure"
],
response
.
headers
[
'Set-Cookie'
].
split
(
"
\n
"
)
end
def
test_no_cookies
self
.
app
=
ActionDispatch
::
SSL
.
new
(
lambda
{
|
env
|
[
200
,
{
'Content-Type'
=>
"text/html"
},
[
"OK"
]]
...
...