Version 4.1.0

Author: bodrovis

.travis.yml

@@ -4,11 +4,12 @@ cache: bundler
 rvm:
   - 2.5.7
   - 2.6.5
+  - 2.7.0
 
 before_install:
   - gem update bundler
 
 env:
   - 'TEST_RAILS_VERSION="~> 5.1.6"'
   - 'TEST_RAILS_VERSION="~> 5.2.3"'
-  - 'TEST_RAILS_VERSION="~> 6.0.0"'
+  - 'TEST_RAILS_VERSION="~> 6.0.0"'

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 4.1.0 (03-Feb-20)
+
+* Added a new [`angular_rails_csrf_secure` option](https://github.com/jsanders/angular_rails_csrf#secure-cookie) (thanks, [@DougKeller](https://github.com/DougKeller))
+* Tested against Ruby 2.7
+
 ## 4.0.1 (23-Dec-19)
 
 * Updated dependencies, tested against more recent Rubies and Rails

LICENSE

@@ -1,4 +1,4 @@
-Copyright 2018 James Sanders, Ilya Bodrov
+Copyright 2020 James Sanders, Ilya Bodrov
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

README.md

@@ -52,14 +52,28 @@ end
 
 If `angular_rails_csrf_domain` is not set, it defaults to `nil`.
 
+### Secure Cookie
+
+To set a "secure" flag for the cookie, set the `angular_rails_csrf_secure` option to `true`:
+
+```ruby
+# application.rb
+class Application < Rails::Application
+  #...
+  config.angular_rails_csrf_secure = true
+end
+```
+
+`angular_rails_csrf_secure` defaults to `false`.
+
 ### Exclusions
 
 Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/jsanders/angular_rails_csrf/issues/7)):
 
 ```ruby
 class ExclusionsController < ApplicationController
   exclude_xsrf_token_cookie
-  
+
   # your actions here...
 end
 ```
@@ -78,6 +92,6 @@ and then
 $ rake test
 ```
 
-## License 
+## License
 
 Licensed under the [MIT License](https://github.com/jsanders/angular_rails_csrf/blob/master/LICENSE).

lib/angular_rails_csrf/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AngularRailsCsrf
-  VERSION = '4.0.1'
+  VERSION = '4.1.0'
 end

test/angular_rails_csrf_test.rb

@@ -32,32 +32,36 @@ class AngularRailsCsrfTest < ActionController::TestCase
   end
 
   test 'the domain is used if present' do
-    config = Rails.application.config
-    def config.angular_rails_csrf_domain
-      :all
-    end
+    begin
+      config = Rails.application.config
+      def config.angular_rails_csrf_domain
+        :all
+      end
 
-    get :index
-    assert @response.headers['Set-Cookie'].include?('.test.host')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_domain')
+      get :index
+      assert @response.headers['Set-Cookie'].include?('.test.host')
+      assert_valid_cookie
+      assert_response :success
+    ensure
+      config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
+    end
   end
 
   test 'the secure flag is set if configured' do
-    @request.headers['HTTPS'] = 'on'
+    begin
+      @request.headers['HTTPS'] = 'on'
 
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_secure) { true }
+      config = Rails.application.config
+      config.define_singleton_method(:angular_rails_csrf_secure) { true }
 
-    get :index
-    assert @response.headers['Set-Cookie'].include?('secure')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    @request.headers['HTTPS'] = nil
-    config.instance_eval('undef :angular_rails_csrf_secure')
+      get :index
+      assert @response.headers['Set-Cookie'].include?('secure')
+      assert_valid_cookie
+      assert_response :success
+    ensure
+      @request.headers['HTTPS'] = nil
+      config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
+    end
   end
 
   test 'a custom name is used if present' do