class ActionDispatch::SSL

def normalize_hsts_options(options)

def normalize_hsts_options(options)
  case options
  # Explicitly disabling HSTS clears the existing setting from browsers
  # by setting expiry to 0.
  when false
    self.class.default_hsts_options.merge(expires: 0)
  # Default to enabled, with default options.
  when nil, true
    self.class.default_hsts_options
  else
    self.class.default_hsts_options.merge(options)
  end
end

Class Methods

:: default_hsts_options

Instance Methods