enforce-ssl 0.2.1 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
@@ -13,7 +13,7 @@ module EnforceSsl
|
|
13
13
|
# use only if max_age is set and only in production mode since it
|
14
14
|
# needs a proper (not self-signed) certificate
|
15
15
|
if Rails.configuration.hsts_max_age && Rails.env == "production"
|
16
|
-
subdomain = Rails.configuration.
|
16
|
+
subdomain = Rails.configuration.hsts_include_sub_domain == true ? " ; includeSubDomains" : ""
|
17
17
|
controller. response.headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
|
18
18
|
|
19
19
|
end
|
@@ -17,7 +17,7 @@ module EnforceSsl
|
|
17
17
|
# use only if max_age is set and only in production mode since it
|
18
18
|
# needs a proper (not self-signed) certificate
|
19
19
|
if Rails.configuration.hsts_max_age && Rails.env == "production"
|
20
|
-
subdomain = Rails.configuration.
|
20
|
+
subdomain = Rails.configuration.hsts_include_sub_domain == true ? " ; includeSubDomains" : ""
|
21
21
|
@headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
|
22
22
|
|
23
23
|
end
|