From 0cce70082bdf1ea0ac0ce51ae9008112dec0d831 Mon Sep 17 00:00:00 2001 From: Snider Date: Fri, 20 Feb 2026 23:15:29 +0000 Subject: [PATCH] fix: correct misleading IsDevelopment comments in WithSecure Co-Authored-By: Virgil --- options.go | 4 ++-- secure_test.go | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/options.go b/options.go index ea4bcef..281aec0 100644 --- a/options.go +++ b/options.go @@ -104,8 +104,8 @@ func WithSwagger(title, description, version string) Option { // WithSecure adds security headers middleware via gin-contrib/secure. // Default policy sets HSTS (1 year, includeSubDomains), X-Frame-Options DENY, // X-Content-Type-Options nosniff, and Referrer-Policy strict-origin-when-cross-origin. -// SSL redirect is disabled (IsDevelopment=true) so the middleware works behind -// a reverse proxy that terminates TLS. +// SSL redirect is not enabled so the middleware works behind a reverse proxy +// that terminates TLS. func WithSecure() Option { return func(e *Engine) { e.middlewares = append(e.middlewares, secure.New(secure.Config{ diff --git a/secure_test.go b/secure_test.go index 1b18a8f..efcdf75 100644 --- a/secure_test.go +++ b/secure_test.go @@ -144,9 +144,9 @@ func TestWithSecure_Good_CombinesWithOtherMiddleware(t *testing.T) { } } -func TestWithSecure_Bad_NoSSLRedirectInDevMode(t *testing.T) { - // The default WithSecure() uses IsDevelopment=true to avoid SSL redirects - // in test/dev environments. Verify plain HTTP requests are not redirected. +func TestWithSecure_Bad_NoSSLRedirect(t *testing.T) { + // SSL redirect is not enabled — the middleware runs behind a TLS-terminating + // reverse proxy. Verify plain HTTP requests are not redirected. gin.SetMode(gin.TestMode) e, _ := api.New(api.WithSecure()) @@ -157,7 +157,7 @@ func TestWithSecure_Bad_NoSSLRedirectInDevMode(t *testing.T) { // Should get 200, not a 301/302 redirect. if w.Code != http.StatusOK { - t.Fatalf("expected 200 (no SSL redirect in dev mode), got %d", w.Code) + t.Fatalf("expected 200 (no SSL redirect), got %d", w.Code) } }