From 3f8523130da1029ba64d00c03360a2c15f85d9d6 Mon Sep 17 00:00:00 2001 From: Justin Tracey Date: Tue, 16 Feb 2021 14:28:17 +0000 Subject: [PATCH] use host instead of headers to make Rack happy (#15741) "headers" is provided by Rails, Rack can't rely on it --- lib/action_dispatch/cookie_jar_extensions.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/action_dispatch/cookie_jar_extensions.rb b/lib/action_dispatch/cookie_jar_extensions.rb index f7ffb6cc75..492c04065d 100644 --- a/lib/action_dispatch/cookie_jar_extensions.rb +++ b/lib/action_dispatch/cookie_jar_extensions.rb @@ -7,7 +7,7 @@ module ActionDispatch # Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service # users. Otherwise, ActionDispatch would drop the cookie over HTTP. def write_cookie?(*) - request.headers['Host'].ends_with?('.onion') || super + request.host.ends_with?('.onion') || super end end end @@ -17,7 +17,7 @@ ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions) module Rack module SessionPersistedExtensions def security_matches?(request, options) - request.headers['Host'].ends_with?('.onion') || super + request.host.ends_with?('.onion') || super end end end