diff options
| author | Matthew Draper <matthew@trebex.net> | 2016-10-11 12:28:38 +1030 |
|---|---|---|
| committer | Matthew Draper <matthew@trebex.net> | 2016-10-11 12:28:38 +1030 |
| commit | f8c53eff7be9a5670e3c0da5851312977becb308 (patch) | |
| tree | 280b4a0070cbc7a275ca79eaf3bd1bcf298697da /actioncable/test/connection | |
| parent | bc9dc418259f1db0f14ed895e8469b7839ef474b (diff) | |
| parent | 268c340b0909bd78259e58b1ed0b53133d924199 (diff) | |
| download | rails-f8c53eff7be9a5670e3c0da5851312977becb308.tar.gz rails-f8c53eff7be9a5670e3c0da5851312977becb308.tar.bz2 rails-f8c53eff7be9a5670e3c0da5851312977becb308.zip | |
Merge pull request #26568 from skateman/cable-sameorigin-as-host
Optionally allow ActionCable requests from the same host as origin
Diffstat (limited to 'actioncable/test/connection')
| -rw-r--r-- | actioncable/test/connection/cross_site_forgery_test.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/actioncable/test/connection/cross_site_forgery_test.rb b/actioncable/test/connection/cross_site_forgery_test.rb index 3bc59c9db9..6cabff5440 100644 --- a/actioncable/test/connection/cross_site_forgery_test.rb +++ b/actioncable/test/connection/cross_site_forgery_test.rb @@ -18,6 +18,7 @@ class ActionCable::Connection::CrossSiteForgeryTest < ActionCable::TestCase teardown do @server.config.disable_request_forgery_protection = false @server.config.allowed_request_origins = [] + @server.config.allow_same_origin_as_host = false end test "disable forgery protection" do @@ -53,6 +54,13 @@ class ActionCable::Connection::CrossSiteForgeryTest < ActionCable::TestCase assert_origin_not_allowed "http://rails.co.uk" end + test "allow same origin as host" do + @server.config.allow_same_origin_as_host = true + assert_origin_allowed "http://#{HOST}" + assert_origin_not_allowed "http://hax.com" + assert_origin_not_allowed "http://rails.co.uk" + end + private def assert_origin_allowed(origin) response = connect_with_origin origin |