aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorogeidix <diegogiorgini@gmail.com>2011-07-19 22:05:16 +0200
committerogeidix <diegogiorgini@gmail.com>2011-07-19 22:05:16 +0200
commit1ac802fe3c79fc2838253e71e4f32e3f1710f8f1 (patch)
treeff5076f4ee19716cb60af92342482801ed083f9b
parent37418e546834a034d1ad923f3f46f9b14f87d7a6 (diff)
downloadrails-1ac802fe3c79fc2838253e71e4f32e3f1710f8f1.tar.gz
rails-1ac802fe3c79fc2838253e71e4f32e3f1710f8f1.tar.bz2
rails-1ac802fe3c79fc2838253e71e4f32e3f1710f8f1.zip
Check Accept and Content-Type headers before evaluating them in xhr requests. Closes #2119
An xhr request must have an "Accept" or "Content-type" header in order to be considered a request with valid_accept_header.
Diffstat
-rw-r--r--actionpack/lib/action_dispatch/http/mime_negotiation.rb3
-rw-r--r--actionpack/test/dispatch/request_test.rb6
2 files changed, 8 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
index 980c658ab7..5c48a60469 100644
--- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb
+++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
@@ -98,7 +98,8 @@ module ActionDispatch
BROWSER_LIKE_ACCEPTS = /,\s*\*\/\*|\*\/\*\s*,/
def valid_accept_header
- xhr? || (accept && accept !~ BROWSER_LIKE_ACCEPTS)
+ (xhr? && (accept || content_mime_type)) ||
+ (accept && accept !~ BROWSER_LIKE_ACCEPTS)
end
def use_accept_header
diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb
index 25b1b4f745..060bcfb5ec 100644
--- a/actionpack/test/dispatch/request_test.rb
+++ b/actionpack/test/dispatch/request_test.rb
@@ -468,6 +468,12 @@ class RequestTest < ActiveSupport::TestCase
assert request.formats.empty?
end
+ test "formats with xhr request" do
+ request = stub_request 'HTTP_X_REQUESTED_WITH' => "XMLHttpRequest"
+ request.expects(:parameters).at_least_once.returns({})
+ assert_equal [Mime::JS], request.formats
+ end
+
test "ignore_accept_header" do
ActionDispatch::Request.ignore_accept_header = true
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-17 01:51:33 +0000