Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_dispatch/http/response.rb | 5 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/railtie.rb | 1 | ||||
-rw-r--r-- | actionpack/test/dispatch/response_test.rb | 27 |
3 files changed, 33 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/http/response.rb b/actionpack/lib/action_dispatch/http/response.rb
index d336808e7c..5014ad80aa 100644
--- a/actionpack/lib/action_dispatch/http/response.rb
+++ b/actionpack/lib/action_dispatch/http/response.rb
@@ -58,6 +58,7 @@ module ActionDispatch # :nodoc:
 LOCATION = "Location".freeze
 cattr_accessor(:default_charset) { "utf-8" }
+ cattr_accessor(:default_headers)
 include Rack::Response::Helpers
 include ActionDispatch::Http::Cache::Response
@@ -96,6 +97,10 @@ module ActionDispatch # :nodoc:
 def initialize(status = 200, header = {}, body = [])
 super()
+ if self.class.default_headers.respond_to?(:merge)
+ header = self.class.default_headers.merge(header)
+ end
+
+ self.body, self.header, self.status = body, header, status
 @sending_file = false
diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb
index 62f906219c..e7f3f07390 100644
--- a/actionpack/lib/action_dispatch/railtie.rb
+++ b/actionpack/lib/action_dispatch/railtie.rb
@@ -23,6 +23,7 @@ module ActionDispatch
 ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
 ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
 ActionDispatch::Response.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
+ ActionDispatch::Response.default_headers = app.config.action_dispatch.default_headers
 ActionDispatch::ExceptionWrapper.rescue_responses.merge!(config.action_dispatch.rescue_responses)
 ActionDispatch::ExceptionWrapper.rescue_templates.merge!(config.action_dispatch.rescue_templates)
diff --git a/actionpack/test/dispatch/response_test.rb b/actionpack/test/dispatch/response_test.rb
index e2903d4b36..71609d7340 100644
--- a/actionpack/test/dispatch/response_test.rb
+++ b/actionpack/test/dispatch/response_test.rb
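Review bot: In `Response#initialize` (response.rb, second hunk) the `respond_to?(:merge)` guard fails open: if `default_headers` is ever set to something that is not hash-like, the defaults are skipped without any error, so a misconfigured value silently drops headers such as the `X-Frame-Options` the new tests rely on. Treat only `nil` as "not configured" and let a wrong type surface, e.g. `defaults = self.class.default_headers` followed by `header = defaults.merge(header) if defaults`; alternatively, validate the value where railtie.rb assigns `ActionDispatch::Response.default_headers`. The merge is a plain Hash merge, so a caller-supplied key that differs from a default only in case would presumably be sent alongside the default instead of replacing it; a short comment stating that caller headers win and that keys are matched exactly would make the contract clear. The body of `initialize` continues past the end of the hunk.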
@@ -176,6 +176,33 @@ class ResponseTest < ActiveSupport::TestCase
 ActionDispatch::Response.default_charset = original
 end
 end
+
+ test "read x_frame_options and x_xss_protection" do
+ ActionDispatch::Response.default_headers = {
+ 'X-Frame-Options' => 'DENY',
+ 'X-XSS-Protection' => '1;'
+ }
+ resp = ActionDispatch::Response.new.tap { |response|
+ response.body = 'Hello'
+ }
+ resp.to_a
+
+ assert_equal('DENY', resp.headers['X-Frame-Options'])
+ assert_equal('1;', resp.headers['X-XSS-Protection'])
+ end
+
+ test "read custom default_header" do
+ ActionDispatch::Response.default_headers = {
+ 'X-XX-XXXX' => 'Here is my phone number'
+ }
+ resp = ActionDispatch::Response.new.tap { |response|
+ response.body = 'Hello'
+ }
+ resp.to_a
+
+ assert_equal('Here is my phone number', resp.headers['X-XX-XXXX'])
+ end
+
+ end
 class ResponseIntegrationTest < ActionDispatch::IntegrationTest |
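Review bot: Both new tests assign `ActionDispatch::Response.default_headers` and never restore it, so the class-level value leaks into whichever test runs next; the context lines at the top of the hunk show the neighbouring test putting `default_charset` back to `original`. Save and restore it the same way: `original = ActionDispatch::Response.default_headers` before the assignment, then `ensure` and `ActionDispatch::Response.default_headers = original` at the end of each test. The hunk also only covers a response built with no headers; a test that passes an explicit `'X-Frame-Options'` to `Response.new` and asserts it wins over the default, and one that leaves `default_headers` as `nil`, would pin the merge order and the unconfigured path.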