diff options
Diffstat (limited to 'railties/test/application/middleware/session_test.rb')
| -rw-r--r-- | railties/test/application/middleware/session_test.rb | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb index 25eadfc387..85e7761727 100644 --- a/railties/test/application/middleware/session_test.rb +++ b/railties/test/application/middleware/session_test.rb @@ -20,12 +20,19 @@ module ApplicationTests @app ||= Rails.application end - test "config.force_ssl sets cookie to secure only" do + test "config.force_ssl sets cookie to secure only by default" do add_to_config "config.force_ssl = true" require "#{app_path}/config/environment" assert app.config.session_options[:secure], "Expected session to be marked as secure" end + test "config.force_ssl doesn't set cookie to secure only when changed from default" do + add_to_config "config.force_ssl = true" + add_to_config "config.ssl_options = { secure_cookies: false }" + require "#{app_path}/config/environment" + assert !app.config.session_options[:secure] + end + test "session is not loaded if it's not used" do make_basic_app @@ -338,5 +345,33 @@ module ApplicationTests get '/foo/read_raw_cookie' assert_equal 2, verifier.verify(last_response.body)['foo'] end + + test 'calling reset_session on request does not trigger an error for API apps' do + add_to_config 'config.api_only = true' + + controller :test, <<-RUBY + class TestController < ApplicationController + def dump_flash + request.reset_session + render plain: 'It worked!' + end + end + RUBY + + app_file 'config/routes.rb', <<-RUBY + Rails.application.routes.draw do + get '/dump_flash' => "test#dump_flash" + end + RUBY + + require "#{app_path}/config/environment" + + get '/dump_flash' + + assert_equal 200, last_response.status + assert_equal 'It worked!', last_response.body + + refute Rails.application.middleware.include?(ActionDispatch::Flash) + end end end |