diff options
author | Jeffrey Guenther <guenther.jeffrey@gmail.com> | 2017-12-14 19:03:28 -0800 |
---|---|---|
committer | Jeffrey Guenther <guenther.jeffrey@gmail.com> | 2017-12-14 19:03:28 -0800 |
commit | 1c5358e4729ce48b0e597d0b39d22f3b1c42f6fc (patch) | |
tree | ea060a71e57ec1e6366a33f7e40be14ea2f0d64b /actionpack/test/dispatch/response_test.rb | |
parent | ab2a95db8088b7607017671b82e396bcd9e80332 (diff) | |
parent | cc0d272c8c37c197a7e68633e5f082eccb2e3737 (diff) | |
download | rails-1c5358e4729ce48b0e597d0b39d22f3b1c42f6fc.tar.gz rails-1c5358e4729ce48b0e597d0b39d22f3b1c42f6fc.tar.bz2 rails-1c5358e4729ce48b0e597d0b39d22f3b1c42f6fc.zip |
Merge branch 'master' into activestorage-guide
Diffstat (limited to 'actionpack/test/dispatch/response_test.rb')
-rw-r--r-- | actionpack/test/dispatch/response_test.rb | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/actionpack/test/dispatch/response_test.rb b/actionpack/test/dispatch/response_test.rb index c4ee3add2a..4e350162c9 100644 --- a/actionpack/test/dispatch/response_test.rb +++ b/actionpack/test/dispatch/response_test.rb @@ -311,13 +311,15 @@ class ResponseTest < ActiveSupport::TestCase end end - test "read x_frame_options, x_content_type_options and x_xss_protection" do + test "read x_frame_options, x_content_type_options, x_xss_protection, x_download_options and x_permitted_cross_domain_policies" do original_default_headers = ActionDispatch::Response.default_headers begin ActionDispatch::Response.default_headers = { "X-Frame-Options" => "DENY", "X-Content-Type-Options" => "nosniff", - "X-XSS-Protection" => "1;" + "X-XSS-Protection" => "1;", + "X-Download-Options" => "noopen", + "X-Permitted-Cross-Domain-Policies" => "none" } resp = ActionDispatch::Response.create.tap { |response| response.body = "Hello" @@ -327,6 +329,8 @@ class ResponseTest < ActiveSupport::TestCase assert_equal("DENY", resp.headers["X-Frame-Options"]) assert_equal("nosniff", resp.headers["X-Content-Type-Options"]) assert_equal("1;", resp.headers["X-XSS-Protection"]) + assert_equal("noopen", resp.headers["X-Download-Options"]) + assert_equal("none", resp.headers["X-Permitted-Cross-Domain-Policies"]) ensure ActionDispatch::Response.default_headers = original_default_headers end |