lib/secure_headers/middleware.rb in secure_headers-3.9.0 vs lib/secure_headers/middleware.rb in secure_headers-4.0.0.alpha01
- old
+ new
@@ -1,5 +1,6 @@
+# frozen_string_literal: true
module SecureHeaders
class Middleware
HPKP_SAME_HOST_WARNING = "[WARNING] HPKP report host should not be the same as the request host. See https://github.com/twitter/secureheaders/issues/166"
def initialize(app)
@@ -23,36 +24,36 @@
private
# inspired by https://github.com/tobmatth/rack-ssl-enforcer/blob/6c014/lib/rack/ssl-enforcer.rb#L183-L194
def flag_cookies!(headers, config)
- if cookies = headers['Set-Cookie']
+ if cookies = headers["Set-Cookie"]
# Support Rails 2.3 / Rack 1.1 arrays as headers
cookies = cookies.split("\n") unless cookies.is_a?(Array)
- headers['Set-Cookie'] = cookies.map do |cookie|
+ headers["Set-Cookie"] = cookies.map do |cookie|
SecureHeaders::Cookie.new(cookie, config).to_s
end.join("\n")
end
end
# disable Secure cookies for non-https requests
def override_secure(env, config = {})
- if scheme(env) != 'https'
- config.merge!(secure: false)
+ if scheme(env) != "https"
+ config[:secure] = OPT_OUT
end
config
end
# derived from https://github.com/tobmatth/rack-ssl-enforcer/blob/6c014/lib/rack/ssl-enforcer.rb#L119
def scheme(env)
- if env['HTTPS'] == 'on' || env['HTTP_X_SSL_REQUEST'] == 'on'
- 'https'
- elsif env['HTTP_X_FORWARDED_PROTO']
- env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+ if env["HTTPS"] == "on" || env["HTTP_X_SSL_REQUEST"] == "on"
+ "https"
+ elsif env["HTTP_X_FORWARDED_PROTO"]
+ env["HTTP_X_FORWARDED_PROTO"].split(",")[0]
else
- env['rack.url_scheme']
+ env["rack.url_scheme"]
end
end
end
end
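Review bot: `override_secure` still writes into the hash it was given (`config[:secure] = OPT_OUT`), so if the caller passes a cookie config that is shared across requests, one plain-HTTP request would leave Secure opted out for later HTTPS responses too. The caller is outside this hunk, so that sharing is an assumption to check; building a copy sidesteps it: `config = config.merge(secure: OPT_OUT)`. A copy also keeps the method working if the config hash is ever frozen. Separately, the comparison with `"https"` is exact, so a proxy that sends `X-Forwarded-Proto: HTTPS` would be treated as non-https and the cookies would lose the Secure flag; normalising the case of the value returned by `scheme` would close that gap.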