aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/cookies_test.rb
diff options
context:
space:
mode:
authorAndrew White <andyw@pixeltrix.co.uk>2010-10-22 15:34:45 +0100
committerAndrew White <andyw@pixeltrix.co.uk>2010-10-25 16:36:35 +0100
commit2d5a12a50bcd83fcc99865de759b82e661b28698 (patch)
tree9adf7180e8ad739d69a6fc46e46955d6d6969a47 /actionpack/test/dispatch/cookies_test.rb
parentcdce5fc8860982afa63bfa82f6a752972e7f7d19 (diff)
downloadrails-2d5a12a50bcd83fcc99865de759b82e661b28698.tar.gz
rails-2d5a12a50bcd83fcc99865de759b82e661b28698.tar.bz2
rails-2d5a12a50bcd83fcc99865de759b82e661b28698.zip
Don't write out secure cookies unless the request is secure
Diffstat (limited to 'actionpack/test/dispatch/cookies_test.rb')
-rw-r--r--actionpack/test/dispatch/cookies_test.rb23
1 files changed, 23 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
index efdc1f5d93..faeae91f6b 100644
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -135,11 +135,25 @@ class CookiesTest < ActionController::TestCase
end
def test_setting_cookie_with_secure
+ @request.env["HTTPS"] = "on"
get :authenticate_with_secure
assert_cookie_header "user_name=david; path=/; secure"
assert_equal({"user_name" => "david"}, @response.cookies)
end
+ def test_setting_cookie_with_secure_in_development
+ Rails.env.stubs(:development?).returns(true)
+ get :authenticate_with_secure
+ assert_cookie_header "user_name=david; path=/; secure"
+ assert_equal({"user_name" => "david"}, @response.cookies)
+ end
+
+ def test_not_setting_cookie_with_secure
+ get :authenticate_with_secure
+ assert_not_cookie_header "user_name=david; path=/; secure"
+ assert_not_equal({"user_name" => "david"}, @response.cookies)
+ end
+
def test_multiple_cookies
get :set_multiple_cookies
assert_equal 2, @response.cookies.size
@@ -286,4 +300,13 @@ class CookiesTest < ActionController::TestCase
assert_equal expected.split("\n"), header
end
end
+
+ def assert_not_cookie_header(expected)
+ header = @response.headers["Set-Cookie"]
+ if header.respond_to?(:to_str)
+ assert_not_equal expected.split("\n").sort, header.split("\n").sort
+ else
+ assert_not_equal expected.split("\n"), header
+ end
+ end
end