authorJim Jones <jjones@aantix.com>2012-08-18 15:29:58 -0700
committerJim Jones <jjones@aantix.com>2012-08-18 15:29:58 -0700
commit4848bf321b34cc06990bf6e3e10cbadaf992bc37 (patch)
treec287546075524fa619e965de5ca315fd654ebf7e /actionpack/test/dispatch/response_test.rb
parentdb78e58294c5e4ee6fb960c79f882c80b22afbcf (diff)
Added X-Content-Type-Options to the header defaults.
With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
Diffstat (limited to 'actionpack/test/dispatch/response_test.rb')
-rw-r--r--actionpack/test/dispatch/response_test.rb4
1 files changed, 3 insertions, 1 deletions
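--- a/actionpack/test/dispatch/response_test.rb
+++ b/actionpack/test/dispatch/response_test.rb
@@ -177,9 +177,10 @@ class ResponseTest < ActiveSupport::TestCase
 end
 end
- test "read x_frame_options and x_xss_protection" do
+ test "read x_frame_options, x_content_type_options and x_xss_protection" do
 ActionDispatch::Response.default_headers = {
 'X-Frame-Options' => 'DENY',
+ 'X-Content-Type-Options' => 'nosniff',
 'X-XSS-Protection' => '1;'
 }
 resp = ActionDispatch::Response.new.tap { |response|
@@ -188,6 +189,7 @@ class ResponseTest < ActiveSupport::TestCase
 resp.to_a
 assert_equal('DENY', resp.headers['X-Frame-Options'])
+ assert_equal('nosniff', resp.headers['X-Content-Type-Options'])
 assert_equal('1;', resp.headers['X-XSS-Protection'])
 end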
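Review bot: The added `assert_equal('nosniff', resp.headers['X-Content-Type-Options'])` only proves that a value written into `ActionDispatch::Response.default_headers` is copied back out into `resp.headers`; it would pass even if the shipped default the commit message describes never contained the header, so the assertion that actually pins the 'nosniff' behaviour belongs against the framework's configured defaults, which this diffstat does not cover. The test also overwrites the process-wide `default_headers` hash and, in the visible lines, never restores it; unless a teardown outside this hunk resets it, later tests in the file inherit these three headers and may pass or fail for the wrong reason. Restoring the previous value in an `ensure` or a teardown, e.g. `ActionDispatch::Response.default_headers = nil`, keeps the test hermetic. The test block opens in the first hunk and closes at the `end` of the second; the lines between the two hunks are not shown here.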