Commit efd3338b
Authored Feb 24, 2018 by Guillermo Iguaran
Committed by GitHub, Feb 24, 2018
Merge pull request #31720 from grantbdev/update_default_hsts_max_age
Update default HSTS max-age value to 1 year
Parents: c113bdc9, 697dd48b
Showing 2 changed files with 6 additions and 7 deletions (+6 -7)
actionpack/lib/action_dispatch/middleware/ssl.rb (+4 -5)
actionpack/test/dispatch/ssl_test.rb (+2 -2)
actionpack/lib/action_dispatch/middleware/ssl.rb
...
...
@@ -26,8 +26,8 @@ module ActionDispatch
# Set +config.ssl_options+ with <tt>hsts: { ... }</tt> to configure HSTS:
#
# * +expires+: How long, in seconds, these settings will stick. The minimum
# required to qualify for browser preload lists is 1
8 weeks
. Defaults to
# 1
80 days
(recommended).
# required to qualify for browser preload lists is 1
year
. Defaults to
# 1
year
(recommended).
#
# * +subdomains+: Set to +true+ to tell the browser to apply these settings
# to all subdomains. This protects your cookies from interception by a
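Review bot: the updated +expires+ bullet gives both the preload minimum and the default as "1 year" in words, while the same sentence says the option is in seconds. Consider adding the figure, e.g. "1 year (31536000 seconds)", so readers can match the documentation against the max-age value in the response header.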
...
...
@@ -47,9 +47,8 @@ module ActionDispatch
class
SSL
# :stopdoc:
# Default to 180 days, the low end for https://www.ssllabs.com/ssltest/
# and greater than the 18-week requirement for browser preload lists.
HSTS_EXPIRES_IN
=
15552000
# Default to 1 year, the minimum for browser preload lists.
HSTS_EXPIRES_IN
=
31536000
def
self
.
default_hsts_options
{
expires:
HSTS_EXPIRES_IN
,
subdomains:
true
,
preload:
false
}
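Review bot: HSTS_EXPIRES_IN is now a bare 31536000 with only "1 year" in the comment; writing it as 365 * 24 * 60 * 60, or adding "(365 days, in seconds)" to the comment, would make the unit checkable at a glance. Because default_hsts_options passes this constant as expires:, the change lengthens the max-age for anything relying on the default, and the change list shows only ssl.rb and ssl_test.rb, so a CHANGELOG entry for the new default is worth adding.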
...
...
actionpack/test/dispatch/ssl_test.rb
...
...
@@ -98,8 +98,8 @@ def assert_post_redirected(redirect: {}, from: "http://a/b?c=d",
end
class
StrictTransportSecurityTest
<
SSLTest
EXPECTED
=
"max-age=
15552
000"
EXPECTED_WITH_SUBDOMAINS
=
"max-age=
15552
000; includeSubDomains"
EXPECTED
=
"max-age=
31536
000"
EXPECTED_WITH_SUBDOMAINS
=
"max-age=
31536
000; includeSubDomains"
def
assert_hsts
(
expected
,
url:
"https://example.org"
,
hsts:
{
subdomains:
true
},
headers:
{})
self
.
app
=
build_app
ssl_options:
{
hsts:
hsts
},
headers:
headers
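Review bot: EXPECTED and EXPECTED_WITH_SUBDOMAINS in StrictTransportSecurityTest each repeat the max-age literal, so every change to the default has to be made in two strings here. Deriving the second from the first, e.g. EXPECTED_WITH_SUBDOMAINS = "#{EXPECTED}; includeSubDomains", keeps them in step while still pinning the header value independently of HSTS_EXPIRES_IN.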
...
...