diff options
| author | Edouard CHIN <edouard.chin@shopify.com> | 2018-10-12 02:06:13 -0400 |
|---|---|---|
| committer | Edouard CHIN <edouard.chin@shopify.com> | 2019-07-25 18:57:07 +0200 |
| commit | 1969f40a3a0aa7393b4815b7f7227c79f28b343a (patch) | |
| tree | 6e4ac72d4bc4c9e185c66aa3d229be2c36462231 /actionpack | |
| parent | 1d83ab936672790ea3abd407df8c16d696aaef70 (diff) | |
| download | rails-1969f40a3a0aa7393b4815b7f7227c79f28b343a.tar.gz rails-1969f40a3a0aa7393b4815b7f7227c79f28b343a.tar.bz2 rails-1969f40a3a0aa7393b4815b7f7227c79f28b343a.zip | |
fix `follow_redirect!` not using the same HTTP verb on 307 redirection:
- According to the HTTP 1.1 spec, the 307 redirection guarantees that
the method and the body will not be changed during redirection.
This PR fixes that since follow_redirect! would always follow the
redirection my making a GET request.
Ref https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG.md | 5 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/testing/integration.rb | 11 | ||||
| -rw-r--r-- | actionpack/test/controller/integration_test.rb | 13 |
3 files changed, 26 insertions, 3 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 99a4ac6845..ca7ae6621b 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,8 @@ +* Fix IntegrationTest `follow_redirect!` to follow redirection using the same HTTP verb when following + a 307 redirection. + + *Edouard Chin* + * System tests require Capybara 3.26 or newer. *George Claghorn* diff --git a/actionpack/lib/action_dispatch/testing/integration.rb b/actionpack/lib/action_dispatch/testing/integration.rb index c5f8b816a4..9e7b4301a8 100644 --- a/actionpack/lib/action_dispatch/testing/integration.rb +++ b/actionpack/lib/action_dispatch/testing/integration.rb @@ -49,11 +49,16 @@ module ActionDispatch # Follow a single redirect response. If the last response was not a # redirect, an exception will be raised. Otherwise, the redirect is - # performed on the location header. Any arguments are passed to the - # underlying call to `get`. + # performed on the location header. If the redirection is a 307 redirect, + # the same HTTP verb will be used when redirecting, otherwise a GET request + # will be performed. Any arguments are passed to the + # underlying request. def follow_redirect!(**args) raise "not a redirect! #{status} #{status_message}" unless redirect? - get(response.location, **args) + + method = response.status == 307 ? request.method.downcase : :get + public_send(method, response.location, **args) + status end end diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb index cce229b30d..caacd66bd6 100644 --- a/actionpack/test/controller/integration_test.rb +++ b/actionpack/test/controller/integration_test.rb @@ -213,6 +213,10 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest redirect_to action_url("get") end + def redirect_307 + redirect_to action_url("post"), status: 307 + end + def remove_header response.headers.delete params[:header] head :ok, "c" => "3" @@ -337,6 +341,15 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest end end + def test_307_redirect_uses_the_same_http_verb + with_test_route_set do + post "/redirect_307" + assert_equal 307, status + follow_redirect! + assert_equal "POST", request.method + end + end + def test_redirect_reset_html_document with_test_route_set do get "/redirect" |