diff options
| author | Simon Dawson <spdawson@gmail.com> | 2017-12-05 07:13:48 +0000 |
|---|---|---|
| committer | Jeremy Daer <jeremydaer@gmail.com> | 2017-12-05 00:13:48 -0700 |
| commit | 3c442b6df91e291ebbf17f37444414bf5f10fbe6 (patch) | |
| tree | fc5383bab81a523a42f1b2f352df037ffd35f01d /actionpack/test | |
| parent | c383c4142a1ce3b7bbfa241957cd81f398c91231 (diff) | |
| download | rails-3c442b6df91e291ebbf17f37444414bf5f10fbe6.tar.gz rails-3c442b6df91e291ebbf17f37444414bf5f10fbe6.tar.bz2 rails-3c442b6df91e291ebbf17f37444414bf5f10fbe6.zip | |
Fix CSP copy boolean directives (#31326)
Use Object#deep_dup to safely duplicate policy values
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/dispatch/content_security_policy_test.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb index 8a1ac066e8..7c4a65a633 100644 --- a/actionpack/test/dispatch/content_security_policy_test.rb +++ b/actionpack/test/dispatch/content_security_policy_test.rb @@ -14,6 +14,15 @@ class ContentSecurityPolicyTest < ActiveSupport::TestCase assert_equal "script-src 'self';", @policy.build end + def test_dup + @policy.img_src :self + @policy.block_all_mixed_content + @policy.upgrade_insecure_requests + @policy.sandbox + copied = @policy.dup + assert_equal copied.build, @policy.build + end + def test_mappings @policy.script_src :data assert_equal "script-src data:;", @policy.build |