diff options
| author | Ryuta Kamizono <kamipo@gmail.com> | 2019-01-26 10:14:07 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-26 10:14:07 +0900 |
| commit | d05bfa6e37c43211a8416ae49e5d255097eb0bc6 (patch) | |
| tree | c457b64219ab7851f5959b5919e9c888d1c595e8 | |
| parent | 7a1254cdb527ca29e05c74451c2d3e6448dac1ec (diff) | |
| parent | 5fc9c4fbdc5f3aa174eb466ccde0ef28ead88fd6 (diff) | |
| download | rails-d05bfa6e37c43211a8416ae49e5d255097eb0bc6.tar.gz rails-d05bfa6e37c43211a8416ae49e5d255097eb0bc6.tar.bz2 rails-d05bfa6e37c43211a8416ae49e5d255097eb0bc6.zip | |
Merge pull request #35054 from bogdanvlviv/exercise-redirect_back
Ensure that `redirect_back` with `fallback_location` to another host is allowed
| -rw-r--r-- | actionpack/test/controller/redirect_test.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb index 998498e1b2..7f1c41787a 100644 --- a/actionpack/test/controller/redirect_test.rb +++ b/actionpack/test/controller/redirect_test.rb @@ -68,10 +68,18 @@ class RedirectController < ActionController::Base redirect_back(fallback_location: "/things/stuff", status: 307) end + def redirect_back_with_status_and_fallback_location_to_another_host + redirect_back(fallback_location: "http://www.rubyonrails.org/", status: 307) + end + def safe_redirect_back_with_status redirect_back(fallback_location: "/things/stuff", status: 307, allow_other_host: false) end + def safe_redirect_back_with_status_and_fallback_location_to_another_host + redirect_back(fallback_location: "http://www.rubyonrails.org/", status: 307, allow_other_host: false) + end + def host_redirect redirect_to action: "other_host", only_path: false, host: "other.test.host" end @@ -280,6 +288,13 @@ class RedirectTest < ActionController::TestCase assert_equal "http://test.host/things/stuff", redirect_to_url end + def test_redirect_back_with_no_referer_redirects_to_another_host + get :redirect_back_with_status_and_fallback_location_to_another_host + + assert_response 307 + assert_equal "http://www.rubyonrails.org/", redirect_to_url + end + def test_safe_redirect_back_from_other_host @request.env["HTTP_REFERER"] = "http://another.host/coming/from" get :safe_redirect_back_with_status @@ -297,6 +312,20 @@ class RedirectTest < ActionController::TestCase assert_equal referer, redirect_to_url end + def test_safe_redirect_back_with_no_referer + get :safe_redirect_back_with_status + + assert_response 307 + assert_equal "http://test.host/things/stuff", redirect_to_url + end + + def test_safe_redirect_back_with_no_referer_redirects_to_another_host + get :safe_redirect_back_with_status_and_fallback_location_to_another_host + + assert_response 307 + assert_equal "http://www.rubyonrails.org/", redirect_to_url + end + def test_redirect_to_record with_routing do |set| set.draw do |