diff options
| -rw-r--r-- | actionpack/CHANGELOG.md | 5 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/testing/test_response.rb | 7 | ||||
| -rw-r--r-- | actionpack/test/controller/integration_test.rb | 23 |
3 files changed, 35 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 610330ce11..19894e271b 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,8 @@ +* Default headers, removed in controller actions, will not be reapplied to + the test response. + + *Jonas Baumann* + * Deprecate all *_filter callbacks in favor of *_action callbacks. *Rafael Mendonça França* diff --git a/actionpack/lib/action_dispatch/testing/test_response.rb b/actionpack/lib/action_dispatch/testing/test_response.rb index 82039e72e7..369ea1467c 100644 --- a/actionpack/lib/action_dispatch/testing/test_response.rb +++ b/actionpack/lib/action_dispatch/testing/test_response.rb @@ -25,5 +25,12 @@ module ActionDispatch # Was there a server-side error? alias_method :error?, :server_error? + + def merge_default_headers(original, *args) + # Default headers are already applied, no need to merge them a second time. + # This makes sure that default headers, removed in controller actions, will + # not be reapplied to the test response. + original + end end end diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb index 5535c7ae78..5c0651bd73 100644 --- a/actionpack/test/controller/integration_test.rb +++ b/actionpack/test/controller/integration_test.rb @@ -279,6 +279,11 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest def redirect redirect_to action_url('get') end + + def remove_default_header + response.headers.except! 'X-Frame-Options' + head :ok + end end def test_get @@ -506,6 +511,24 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest end end + def test_removed_default_headers_on_test_response_are_not_reapplied + with_test_route_set do + begin + header_to_remove = 'X-Frame-Options' + original_default_headers = ActionDispatch::Response.default_headers + ActionDispatch::Response.default_headers = { + 'X-Content-Type-Options' => 'nosniff', + header_to_remove => 'SAMEORIGIN', + } + get '/remove_default_header' + assert_includes headers, 'X-Content-Type-Options' + assert_not_includes headers, header_to_remove, "Should not contain removed default header" + ensure + ActionDispatch::Response.default_headers = original_default_headers + end + end + end + private def with_test_route_set with_routing do |set| |