diff options
| -rw-r--r-- | actionpack/test/controller/redirect_test.rb | 29 | 
1 files changed, 29 insertions, 0 deletions
| diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb index 998498e1b2..7f1c41787a 100644 --- a/actionpack/test/controller/redirect_test.rb +++ b/actionpack/test/controller/redirect_test.rb @@ -68,10 +68,18 @@ class RedirectController < ActionController::Base      redirect_back(fallback_location: "/things/stuff", status: 307)    end +  def redirect_back_with_status_and_fallback_location_to_another_host +    redirect_back(fallback_location: "http://www.rubyonrails.org/", status: 307) +  end +    def safe_redirect_back_with_status      redirect_back(fallback_location: "/things/stuff", status: 307, allow_other_host: false)    end +  def safe_redirect_back_with_status_and_fallback_location_to_another_host +    redirect_back(fallback_location: "http://www.rubyonrails.org/", status: 307, allow_other_host: false) +  end +    def host_redirect      redirect_to action: "other_host", only_path: false, host: "other.test.host"    end @@ -280,6 +288,13 @@ class RedirectTest < ActionController::TestCase      assert_equal "http://test.host/things/stuff", redirect_to_url    end +  def test_redirect_back_with_no_referer_redirects_to_another_host +    get :redirect_back_with_status_and_fallback_location_to_another_host + +    assert_response 307 +    assert_equal "http://www.rubyonrails.org/", redirect_to_url +  end +    def test_safe_redirect_back_from_other_host      @request.env["HTTP_REFERER"] = "http://another.host/coming/from"      get :safe_redirect_back_with_status @@ -297,6 +312,20 @@ class RedirectTest < ActionController::TestCase      assert_equal referer, redirect_to_url    end +  def test_safe_redirect_back_with_no_referer +    get :safe_redirect_back_with_status + +    assert_response 307 +    assert_equal "http://test.host/things/stuff", redirect_to_url +  end + +  def test_safe_redirect_back_with_no_referer_redirects_to_another_host +    get :safe_redirect_back_with_status_and_fallback_location_to_another_host + +    assert_response 307 +    assert_equal "http://www.rubyonrails.org/", redirect_to_url +  end +    def test_redirect_to_record      with_routing do |set|        set.draw do | 
