From 428939be9f954d39b0c41bc53d85d0d106b9d1a1 Mon Sep 17 00:00:00 2001 From: Guillermo Iguaran Date: Mon, 8 Jan 2018 22:14:22 -0500 Subject: Add 'Referrer-Policy' header to default headers set --- actionpack/test/dispatch/response_test.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'actionpack/test/dispatch/response_test.rb') diff --git a/actionpack/test/dispatch/response_test.rb b/actionpack/test/dispatch/response_test.rb index 4e350162c9..0b727dad3d 100644 --- a/actionpack/test/dispatch/response_test.rb +++ b/actionpack/test/dispatch/response_test.rb @@ -311,7 +311,7 @@ class ResponseTest < ActiveSupport::TestCase end end - test "read x_frame_options, x_content_type_options, x_xss_protection, x_download_options and x_permitted_cross_domain_policies" do + test "read x_frame_options, x_content_type_options, x_xss_protection, x_download_options and x_permitted_cross_domain_policies, referrer_policy" do original_default_headers = ActionDispatch::Response.default_headers begin ActionDispatch::Response.default_headers = { @@ -319,7 +319,8 @@ class ResponseTest < ActiveSupport::TestCase "X-Content-Type-Options" => "nosniff", "X-XSS-Protection" => "1;", "X-Download-Options" => "noopen", - "X-Permitted-Cross-Domain-Policies" => "none" + "X-Permitted-Cross-Domain-Policies" => "none", + "Referrer-Policy" => "strict-origin-when-cross-origin" } resp = ActionDispatch::Response.create.tap { |response| response.body = "Hello" @@ -331,6 +332,7 @@ class ResponseTest < ActiveSupport::TestCase assert_equal("1;", resp.headers["X-XSS-Protection"]) assert_equal("noopen", resp.headers["X-Download-Options"]) assert_equal("none", resp.headers["X-Permitted-Cross-Domain-Policies"]) + assert_equal("strict-origin-when-cross-origin", resp.headers["Referrer-Policy"]) ensure ActionDispatch::Response.default_headers = original_default_headers end -- cgit v1.2.3