author | Rafael França <rafaelmfranca@gmail.com> | 2019-01-22 15:35:57 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-22 15:35:57 -0500 |
commit | afbab2822aa1324de7a1ceff10eaf3f6a9a3a63f (patch) | |
tree | a4c53072787431110d680f9783e606f074ccc836 /actionpack/test | |
parent | ea6a488f51f439854bf3c528e4225eb45f767d00 (diff) | |
parent | 2e0ca9284a6864cfbbb632d849df3fdd7a7c554e (diff) | |
Merge pull request #35018 from gmcgibbon/revert_redirect_to_allow_other_host
Revert ensure external redirects are explicitly allowed
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/controller/action_pack_assertions_test.rb | 6 | ||||
-rw-r--r-- | actionpack/test/controller/log_subscriber_test.rb | 4 | ||||
-rw-r--r-- | actionpack/test/controller/redirect_test.rb | 44 |
3 files changed, 12 insertions, 42 deletions
diff --git a/actionpack/test/controller/action_pack_assertions_test.rb b/actionpack/test/controller/action_pack_assertions_test.rb index c7aae034dd..ecb8c37e6b 100644 --- a/actionpack/test/controller/action_pack_assertions_test.rb +++ b/actionpack/test/controller/action_pack_assertions_test.rb @@ -28,13 +28,13 @@ class ActionPackAssertionsController < ActionController::Base def redirect_to_path() redirect_to "/some/path" end - def redirect_invalid_external_route() redirect_to "ht_tp://www.rubyonrails.org", allow_other_host: true end + def redirect_invalid_external_route() redirect_to "ht_tp://www.rubyonrails.org" end def redirect_to_named_route() redirect_to route_one_url end - def redirect_external() redirect_to "http://www.rubyonrails.org", allow_other_host: true; end + def redirect_external() redirect_to "http://www.rubyonrails.org"; end - def redirect_external_protocol_relative() redirect_to "//www.rubyonrails.org", allow_other_host: true; end + def redirect_external_protocol_relative() redirect_to "//www.rubyonrails.org"; end def response404() head "404 AWOL" end diff --git a/actionpack/test/controller/log_subscriber_test.rb b/actionpack/test/controller/log_subscriber_test.rb index cbebc6b59c..0562c16284 100644 --- a/actionpack/test/controller/log_subscriber_test.rb +++ b/actionpack/test/controller/log_subscriber_test.rb @@ -25,11 +25,11 @@ module Another end def redirector - redirect_to "http://foo.bar/", allow_other_host: true + redirect_to "http://foo.bar/" end def filterable_redirector - redirect_to "http://secret.foo.bar/", allow_other_host: true + redirect_to "http://secret.foo.bar/" end def data_sender diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb index 945d2275c0..998498e1b2 100644 --- a/actionpack/test/controller/redirect_test.rb +++ b/actionpack/test/controller/redirect_test.rb 
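Review bot: The external fixtures in action_pack_assertions_test.rb (`redirect_invalid_external_route`, `redirect_external`, `redirect_external_protocol_relative`) now redirect off-host with nothing at the call site marking that as deliberate, and the same holds for `redirector` and `filterable_redirector` in log_subscriber_test.rb and for the option removals in redirect_test.rb. With the flag gone, a one-line comment above each group would keep the intent readable, for example `# Off-host targets on purpose: these fixtures exercise redirect assertions and logging, not host validation.` The enclosing controller classes start and end outside these hunks.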
@@ -49,11 +49,11 @@ class RedirectController < ActionController::Base end def url_redirect_with_status - redirect_to("http://www.example.com", status: :moved_permanently, allow_other_host: true) + redirect_to("http://www.example.com", status: :moved_permanently) end def url_redirect_with_status_hash - redirect_to("http://www.example.com", status: 301, allow_other_host: true) + redirect_to("http://www.example.com", status: 301) end def relative_url_redirect_with_status @@ -81,27 +81,19 @@ class RedirectController < ActionController::Base end def redirect_to_url - redirect_to "http://www.rubyonrails.org/", allow_other_host: true - end - - def redirect_to_unsafe_url redirect_to "http://www.rubyonrails.org/" end - def redirect_to_relative_unsafe_url - redirect_to ".br" - end - def redirect_to_url_with_unescaped_query_string - redirect_to "http://example.com/query?status=new", allow_other_host: true + redirect_to "http://example.com/query?status=new" end def redirect_to_url_with_complex_scheme - redirect_to "x-test+scheme.complex:redirect", allow_other_host: true + redirect_to "x-test+scheme.complex:redirect" end def redirect_to_url_with_network_path_reference - redirect_to "//www.rubyonrails.org/", allow_other_host: true + redirect_to "//www.rubyonrails.org/" end def redirect_to_existing_record @@ -121,12 +113,12 @@ class RedirectController < ActionController::Base end def redirect_to_with_block - redirect_to proc { "http://www.rubyonrails.org/" }, allow_other_host: true + redirect_to proc { "http://www.rubyonrails.org/" } end def redirect_to_with_block_and_assigns @url = "http://www.rubyonrails.org/" - redirect_to proc { @url }, allow_other_host: true + redirect_to proc { @url } end def redirect_to_with_block_and_options 
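Review bot: Dropping `redirect_to_unsafe_url` and `redirect_to_relative_unsafe_url` in the second hunk (@@ -81,27), together with their tests deleted in the @@ -253 hunk, leaves redirect_test.rb with no case that pins what `redirect_to` does with a target that lands on another host. The `".br"` fixture was the only one showing that a string without a leading slash is joined directly onto the request host (the deleted expectation reads `http://test.host.br`), so that edge is now untested in either direction. If the revert is meant to restore the permissive behaviour, I would keep that action and assert the outcome explicitly, e.g. `assert_redirected_to "http://test.host.br"`, so a later re-introduction of the host check has a baseline to change. The library side of the revert is outside this diffstat, so the resulting behaviour is inferred from the commit title and should be confirmed against the full commit.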
@@ -253,28 +245,6 @@ class RedirectTest < ActionController::TestCase assert_redirected_to "http://www.rubyonrails.org/" end - def test_redirect_to_unsafe_url - error = assert_raises(ArgumentError) do - get :redirect_to_unsafe_url - end - assert_equal <<~MSG.squish, error.message - Unsafe redirect \"http://www.rubyonrails.org/\", - use :fallback_location to specify a fallback or - :allow_other_host to redirect anyway. - MSG - end - - def test_redirect_to_relative_unsafe_url - error = assert_raises(ArgumentError) do - get :redirect_to_relative_unsafe_url - end - assert_equal <<~MSG.squish, error.message - Unsafe redirect \"http://test.host.br\", - use :fallback_location to specify a fallback or - :allow_other_host to redirect anyway. - MSG - end - def test_redirect_to_url_with_unescaped_query_string get :redirect_to_url_with_unescaped_query_string assert_response :redirect |