diff options
| author | adamliesko <adamliesko@gmail.com> | 2015-12-05 22:58:31 +0100 |
|---|---|---|
| committer | adamliesko <adamliesko@gmail.com> | 2015-12-12 23:14:49 +0100 |
| commit | 09e10ef643f00c6b4c5877438ed50d2a5f199522 (patch) | |
| tree | 6c8930ff72a0bfa1dfc0474df9a0657b15dae3d0 /test | |
| parent | c362beab2edd3dcae248dfaaaf3e0dee12baafa8 (diff) | |
| download | rails-09e10ef643f00c6b4c5877438ed50d2a5f199522.tar.gz rails-09e10ef643f00c6b4c5877438ed50d2a5f199522.tar.bz2 rails-09e10ef643f00c6b4c5877438ed50d2a5f199522.zip | |
Allow regexp for a allowed_request_origins array
Diffstat (limited to 'test')
| -rw-r--r-- | test/connection/cross_site_forgery_test.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/test/connection/cross_site_forgery_test.rb b/test/connection/cross_site_forgery_test.rb index 166abb7b38..ede3057e30 100644 --- a/test/connection/cross_site_forgery_test.rb +++ b/test/connection/cross_site_forgery_test.rb @@ -40,6 +40,20 @@ class ActionCable::Connection::CrossSiteForgeryTest < ActionCable::TestCase assert_origin_not_allowed 'http://hax.com' end + test "explicitly specified a single regexp allowed origin" do + @server.config.allowed_request_origins = /.*ha.*/ + assert_origin_not_allowed 'http://rubyonrails.com' + assert_origin_allowed 'http://hax.com' + end + + test "explicitly specified multiple regexp allowed origins" do + @server.config.allowed_request_origins = [/http:\/\/ruby.*/, /.*rai.s.*com/, 'string' ] + assert_origin_allowed 'http://rubyonrails.com' + assert_origin_allowed 'http://www.rubyonrails.com' + assert_origin_not_allowed 'http://hax.com' + assert_origin_not_allowed 'http://rails.co.uk' + end + private def assert_origin_allowed(origin) response = connect_with_origin origin |