aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/metal_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/controller/metal_test.rb')
-rw-r--r--actionpack/test/controller/metal_test.rb32
1 files changed, 32 insertions, 0 deletions
diff --git a/actionpack/test/controller/metal_test.rb b/actionpack/test/controller/metal_test.rb
new file mode 100644
index 0000000000..7b53092266
--- /dev/null
+++ b/actionpack/test/controller/metal_test.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "abstract_unit"
+
+class MetalControllerInstanceTests < ActiveSupport::TestCase
+ class SimpleController < ActionController::Metal
+ def hello
+ self.response_body = "hello"
+ end
+ end
+
+ def test_response_does_not_have_default_headers
+ original_default_headers = ActionDispatch::Response.default_headers
+
+ ActionDispatch::Response.default_headers = {
+ "X-Frame-Options" => "DENY",
+ "X-Content-Type-Options" => "nosniff",
+ "X-XSS-Protection" => "1;"
+ }
+
+ response_headers = SimpleController.action("hello").call(
+ "REQUEST_METHOD" => "GET",
+ "rack.input" => -> { }
+ )[1]
+
+ assert_not response_headers.key?("X-Frame-Options")
+ assert_not response_headers.key?("X-Content-Type-Options")
+ assert_not response_headers.key?("X-XSS-Protection")
+ ensure
+ ActionDispatch::Response.default_headers = original_default_headers
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 01:49:05 +0000