diff options
author | Aidan Haran <aidanharan@yahoo.com> | 2017-12-09 13:41:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-09 13:41:02 +0000 |
commit | 66f34a8ea58c8c98d9cc2651d386c9e5a0789d08 (patch) | |
tree | d24e9014cf9045abc892ba97ac993e2e26e31c7e /actionpack/test/controller/redirect_test.rb | |
parent | 3291fa3630c456450f8c6a9b771f77c293d036cd (diff) | |
parent | 55d4cf2a9c1a6e77ed7aedb866e964039bb4a143 (diff) | |
download | rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.tar.gz rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.tar.bz2 rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.zip |
Merge branch 'master' into custom-discarded-job-handling
Diffstat (limited to 'actionpack/test/controller/redirect_test.rb')
-rw-r--r-- | actionpack/test/controller/redirect_test.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb index e447b66486..2959dc3e4d 100644 --- a/actionpack/test/controller/redirect_test.rb +++ b/actionpack/test/controller/redirect_test.rb @@ -62,6 +62,10 @@ class RedirectController < ActionController::Base redirect_back(fallback_location: "/things/stuff", status: 307) end + def safe_redirect_back_with_status + redirect_back(fallback_location: "/things/stuff", status: 307, allow_other_host: false) + end + def host_redirect redirect_to action: "other_host", only_path: false, host: "other.test.host" end @@ -259,6 +263,23 @@ class RedirectTest < ActionController::TestCase assert_equal "http://test.host/things/stuff", redirect_to_url end + def test_safe_redirect_back_from_other_host + @request.env["HTTP_REFERER"] = "http://another.host/coming/from" + get :safe_redirect_back_with_status + + assert_response 307 + assert_equal "http://test.host/things/stuff", redirect_to_url + end + + def test_safe_redirect_back_from_the_same_host + referer = "http://test.host/coming/from" + @request.env["HTTP_REFERER"] = referer + get :safe_redirect_back_with_status + + assert_response 307 + assert_equal referer, redirect_to_url + end + def test_redirect_to_record with_routing do |set| set.draw do |