aboutsummaryrefslogtreecommitdiffstats
path: root/test/connection/cross_site_forgery_test.rb
diff options
context:
space:
mode:
authoradamliesko <adamliesko@gmail.com>2015-12-05 22:58:31 +0100
committeradamliesko <adamliesko@gmail.com>2015-12-12 23:14:49 +0100
commit09e10ef643f00c6b4c5877438ed50d2a5f199522 (patch)
tree6c8930ff72a0bfa1dfc0474df9a0657b15dae3d0 /test/connection/cross_site_forgery_test.rb
parentc362beab2edd3dcae248dfaaaf3e0dee12baafa8 (diff)
downloadrails-09e10ef643f00c6b4c5877438ed50d2a5f199522.tar.gz
rails-09e10ef643f00c6b4c5877438ed50d2a5f199522.tar.bz2
rails-09e10ef643f00c6b4c5877438ed50d2a5f199522.zip
Allow regexp for a allowed_request_origins array
Diffstat (limited to 'test/connection/cross_site_forgery_test.rb')
-rw-r--r--test/connection/cross_site_forgery_test.rb14
1 files changed, 14 insertions, 0 deletions
diff --git a/test/connection/cross_site_forgery_test.rb b/test/connection/cross_site_forgery_test.rb
index 166abb7b38..ede3057e30 100644
--- a/test/connection/cross_site_forgery_test.rb
+++ b/test/connection/cross_site_forgery_test.rb
@@ -40,6 +40,20 @@ class ActionCable::Connection::CrossSiteForgeryTest < ActionCable::TestCase
assert_origin_not_allowed 'http://hax.com'
end
+ test "explicitly specified a single regexp allowed origin" do
+ @server.config.allowed_request_origins = /.*ha.*/
+ assert_origin_not_allowed 'http://rubyonrails.com'
+ assert_origin_allowed 'http://hax.com'
+ end
+
+ test "explicitly specified multiple regexp allowed origins" do
+ @server.config.allowed_request_origins = [/http:\/\/ruby.*/, /.*rai.s.*com/, 'string' ]
+ assert_origin_allowed 'http://rubyonrails.com'
+ assert_origin_allowed 'http://www.rubyonrails.com'
+ assert_origin_not_allowed 'http://hax.com'
+ assert_origin_not_allowed 'http://rails.co.uk'
+ end
+
private
def assert_origin_allowed(origin)
response = connect_with_origin origin
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 16:00:54 +0000