author | Rafael França <rafaelmfranca@gmail.com> | 2017-10-10 12:51:02 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-10 12:51:02 -0400 |
commit | b205ea2dc6c70b2b8e2134640e3056ed33fdc6be (patch) | |
tree | 1550282b0ef4e2213278a9c63d8cd935f45d8163 /actionpack/test/controller/redirect_test.rb | |
parent | 8e314160a40c32abeab889777661b1a9bb6ae815 (diff) | |
parent | 0db6a14ae16b143e078375ff7f3c940cf707290b (diff) | |
Merge pull request #30850 from timsly/safe-redirect-back
Add allow_other_host option to redirect_back method
Diffstat (limited to 'actionpack/test/controller/redirect_test.rb')
-rw-r--r-- | actionpack/test/controller/redirect_test.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index e447b66486..2959dc3e4d 100644
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
@@ -62,6 +62,10 @@ class RedirectController < ActionController::Base
 redirect_back(fallback_location: "/things/stuff", status: 307)
 end
 
+ def safe_redirect_back_with_status
+ redirect_back(fallback_location: "/things/stuff", status: 307, allow_other_host: false)
+ end
+
 def host_redirect
 redirect_to action: "other_host", only_path: false, host: "other.test.host"
 end
@@ -259,6 +263,23 @@ class RedirectTest < ActionController::TestCase
 assert_equal "http://test.host/things/stuff", redirect_to_url
 end
 
+ def test_safe_redirect_back_from_other_host
+ @request.env["HTTP_REFERER"] = "http://another.host/coming/from"
+ get :safe_redirect_back_with_status
+
+ assert_response 307
+ assert_equal "http://test.host/things/stuff", redirect_to_url
+ end
+
+ def test_safe_redirect_back_from_the_same_host
+ referer = "http://test.host/coming/from"
+ @request.env["HTTP_REFERER"] = referer
+ get :safe_redirect_back_with_status
+
+ assert_response 307
+ assert_equal referer, redirect_to_url
+ end
+
 def test_redirect_to_record
 with_routing do |set|
 set.draw do |
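Review bot: The two tests added in the RedirectTest hunk cover only a well-formed referer on another host and one on the same host, so they do not pin what `allow_other_host: false` does when the Referer header is absent or is not a parseable URL. The header is client-controlled and the host comparison itself is not visible in this file, so a regression in either path would still pass these tests. I would add one case that leaves `HTTP_REFERER` unset and one that sets it to a constructed non-URL string, each ending in `assert_equal "http://test.host/things/stuff", redirect_to_url`. A same-host referer with a different port or scheme is also worth pinning, whichever outcome is intended, so that the definition of "same host" is recorded in the suite.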