author Andrew White <andrew.white@unboxed.co> 2018-02-19 12:20:43 +0000
committer Andrew White <andrew.white@unboxed.co> 2018-02-19 12:20:43 +0000
commit d85283cc42b1a965944047a2f602153804126f77 (patch)
tree bfb9986bff4ddf92aad7c973f31e78f0ed0be293 /railties
parent 57f9c36387f371cfb791aa660c733e9690443d04 (diff)
Remove trailing semi-colon from CSP
Although the spec[1] is defined in such a way that a trailing semi-colon is valid it also doesn't allow a semi-colon by itself to indicate an empty policy. Therefore it's easier (and valid) just to omit it rather than to detect whether the policy is empty or not.

[1]: https://www.w3.org/TR/CSP2/#policy-syntax
Diffstat (limited to 'railties')
-rw-r--r-- railties/test/application/content_security_policy_test.rb 12
1 files changed, 6 insertions, 6 deletions
diff --git a/railties/test/application/content_security_policy_test.rb b/railties/test/application/content_security_policy_test.rb
index 43f2b333f3..0d28df16f8 100644
--- a/railties/test/application/content_security_policy_test.rb
+++ b/railties/test/application/content_security_policy_test.rb
@@ -60,7 +60,7 @@ module ApplicationTests
app("development")
get "/"
- assert_policy ";"
+ assert_policy ""
end
test "global content security policy in an initializer" do
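Review bot: the new expectation `assert_policy ""` in the empty-policy test pins an empty header value, but nothing next to it says why an empty string is intended rather than the old lone `;`. The reasoning is only in the commit message (the CSP2 grammar does not accept a semi-colon by itself as an empty policy); a one-line comment above the assertion pointing at that would stop a later reader from "fixing" it back. It would also help to state here whether an empty policy is meant to send the header with an empty value or to leave the header out, since the assertion as written does not make that distinction visible.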
@@ -87,7 +87,7 @@ module ApplicationTests
app("development")
get "/"
- assert_policy "default-src 'self' https:;"
+ assert_policy "default-src 'self' https:"
end
test "global report only content security policy in an initializer" do
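Review bot: every expectation touched in this file, starting with `assert_policy "default-src 'self' https:"` here, is a single-directive policy, so the tests shown only cover removal of the trailing `;`. Consider adding a case with two directives to pin that the `;` separator between directives is still emitted and that only the final one is dropped.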
@@ -116,7 +116,7 @@ module ApplicationTests
app("development")
get "/"
- assert_policy "default-src 'self' https:;", report_only: true
+ assert_policy "default-src 'self' https:", report_only: true
end
test "override content security policy in a controller" do
@@ -147,7 +147,7 @@ module ApplicationTests
app("development")
get "/"
- assert_policy "default-src https://example.com;"
+ assert_policy "default-src https://example.com"
end
test "override content security policy to report only in a controller" do
@@ -176,7 +176,7 @@ module ApplicationTests
app("development")
get "/"
- assert_policy "default-src 'self' https:;", report_only: true
+ assert_policy "default-src 'self' https:", report_only: true
end
test "global content security policy added to rack app" do
@@ -200,7 +200,7 @@ module ApplicationTests
app("development")
get "/"
- assert_policy "default-src 'self' https:;"
+ assert_policy "default-src 'self' https:"
end
private