diff options
Diffstat (limited to 'actionpack/test/dispatch/ssl_test.rb')
| -rw-r--r-- | actionpack/test/dispatch/ssl_test.rb | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index 6f075a9074..94969f795a 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -37,6 +37,11 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Strict-Transport-Security'] end + def test_no_hsts_with_insecure_connection + get "http://example.org/" + assert_not response.headers['Strict-Transport-Security'] + end + def test_hsts_header self.app = ActionDispatch::SSL.new(default_app, :hsts => true) get "https://example.org/" @@ -47,7 +52,7 @@ class SSLTest < ActionDispatch::IntegrationTest def test_disable_hsts_header self.app = ActionDispatch::SSL.new(default_app, :hsts => false) get "https://example.org/" - refute response.headers['Strict-Transport-Security'] + assert_not response.headers['Strict-Transport-Security'] end def test_hsts_expires @@ -57,6 +62,13 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Strict-Transport-Security'] end + def test_hsts_expires_with_duration + self.app = ActionDispatch::SSL.new(default_app, :hsts => { :expires => 1.year }) + get "https://example.org/" + assert_equal "max-age=31557600", + response.headers['Strict-Transport-Security'] + end + def test_hsts_include_subdomains self.app = ActionDispatch::SSL.new(default_app, :hsts => { :subdomains => true }) get "https://example.org/" @@ -112,6 +124,49 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Set-Cookie'].split("\n") end + + def test_flag_cookies_as_secure_with_has_not_spaces_before + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/;secure; HttpOnly" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/;secure; HttpOnly"], + response.headers['Set-Cookie'].split("\n") + end + + def test_flag_cookies_as_secure_with_has_not_spaces_after + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/; secure;HttpOnly" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/; secure;HttpOnly"], + response.headers['Set-Cookie'].split("\n") + end + + def test_flag_cookies_as_secure_with_ignore_case + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/; Secure; HttpOnly" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/; Secure; HttpOnly"], + response.headers['Set-Cookie'].split("\n") + end + def test_no_cookies self.app = ActionDispatch::SSL.new(lambda { |env| [200, {'Content-Type' => "text/html"}, ["OK"]] |