author | Andrew White <pixeltrix@users.noreply.github.com> | 2017-03-30 10:29:33 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-30 10:29:33 +0100 |
commit | 93982de132f5e3fdcd7794d697a6566bd98da393 (patch) | |
tree | 29931ab5884d351069ca1970934814b61a2801c2 /actionpack/test | |
parent | f6eeb4e6e578a5fd3113f24ce55831edaf8e1116 (diff) | |
parent | 9d695743dee0eb57cedd1f0e7a9dc1a16ef0b530 (diff) | |
Merge pull request #28606 from maclover7/jm-fix-25820
Do not include default response headers for AC::Metal
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/controller/base_test.rb | 27 | ||||
-rw-r--r-- | actionpack/test/controller/metal_test.rb | 30 |
2 files changed, 57 insertions, 0 deletions
diff --git a/actionpack/test/controller/base_test.rb b/actionpack/test/controller/base_test.rb
index 42a5157010..4e969fac07 100644
--- a/actionpack/test/controller/base_test.rb
+++ b/actionpack/test/controller/base_test.rb
@@ -11,6 +11,12 @@ end
 class EmptyController < ActionController::Base
 end
+class SimpleController < ActionController::Base
+ def hello
+ self.response_body = "hello"
+ end
+end
+
 class NonEmptyController < ActionController::Base
 def public_action
 head :ok
@@ -118,6 +124,27 @@ class ControllerInstanceTests < ActiveSupport::TestCase
 controller = klass.new
 assert_equal "examples", controller.controller_path
 end
+
+ def test_response_has_default_headers
+ original_default_headers = ActionDispatch::Response.default_headers
+
+ ActionDispatch::Response.default_headers = {
+ "X-Frame-Options" => "DENY",
+ "X-Content-Type-Options" => "nosniff",
+ "X-XSS-Protection" => "1;"
+ }
+
+ response_headers = SimpleController.action("hello").call(
+ "REQUEST_METHOD" => "GET",
+ "rack.input" => -> {}
+ )[1]
+
+ assert response_headers.key?("X-Frame-Options")
+ assert response_headers.key?("X-Content-Type-Options")
+ assert response_headers.key?("X-XSS-Protection")
+ ensure
+ ActionDispatch::Response.default_headers = original_default_headers
+ end
 end
 class PerformActionTest < ActionController::TestCase
diff --git a/actionpack/test/controller/metal_test.rb b/actionpack/test/controller/metal_test.rb
new file mode 100644
index 0000000000..e16452ed6f
--- /dev/null
+++ b/actionpack/test/controller/metal_test.rb
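Review bot: In `test_response_has_default_headers` in base_test.rb (the `@@ -118,6 +124,27 @@` hunk) the three assertions only check `key?`, so the test would still pass if ActionController::Base emitted the header names with different or empty values. Comparing against the values the test itself configured pins the behaviour more tightly, e.g. `assert_equal "DENY", response_headers["X-Frame-Options"]` and `assert_equal "nosniff", response_headers["X-Content-Type-Options"]`. The enclosing class ControllerInstanceTests starts outside the hunk, so whether other tests there also swap `ActionDispatch::Response.default_headers` cannot be seen from here.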
@@ -0,0 +1,30 @@
+require "abstract_unit"
+
+class MetalControllerInstanceTests < ActiveSupport::TestCase
+ class SimpleController < ActionController::Metal
+ def hello
+ self.response_body = "hello"
+ end
+ end
+
+ def test_response_has_default_headers
+ original_default_headers = ActionDispatch::Response.default_headers
+
+ ActionDispatch::Response.default_headers = {
+ "X-Frame-Options" => "DENY",
+ "X-Content-Type-Options" => "nosniff",
+ "X-XSS-Protection" => "1;"
+ }
+
+ response_headers = SimpleController.action("hello").call(
+ "REQUEST_METHOD" => "GET",
+ "rack.input" => -> {}
+ )[1]
+
+ refute response_headers.key?("X-Frame-Options")
+ refute response_headers.key?("X-Content-Type-Options")
+ refute response_headers.key?("X-XSS-Protection")
+ ensure
+ ActionDispatch::Response.default_headers = original_default_headers
+ end
+end
|
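Review bot: The three `refute response_headers.key?(...)` checks in metal_test.rb are satisfied by any response that lacks those keys, including a failed one, because only element `[1]` of the Rack triple is inspected. Keeping the status as well, `status, response_headers, _body = SimpleController.action("hello").call(...)` followed by `assert_equal 200, status` (assuming 200 is Metal's default status here), would make the negative assertions meaningful. The test is also named `test_response_has_default_headers` although it asserts their absence; a name such as `test_response_does_not_have_default_headers` would match. Since this pins a security-relevant contract, a comment above the test would help maintainers: `# AC::Metal deliberately omits ActionDispatch::Response.default_headers; Metal endpoints serving browser-facing content must set X-Frame-Options / X-Content-Type-Options themselves.`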