From ec462b4de7904e0e55a312940e88b9e825bf955c Mon Sep 17 00:00:00 2001 From: Lewis Marshall Date: Mon, 22 Apr 2013 14:09:41 +0100 Subject: Return a 405 response for unknown HTTP methods --- actionpack/CHANGELOG.md | 5 +++++ actionpack/lib/action_dispatch/middleware/exception_wrapper.rb | 1 + actionpack/test/dispatch/debug_exceptions_test.rb | 6 ++++++ actionpack/test/dispatch/show_exceptions_test.rb | 6 ++++++ 4 files changed, 18 insertions(+) (limited to 'actionpack') diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index cbf5b66003..a545b067b3 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,5 +1,10 @@ ## Rails 4.0.0 (unreleased) ## +* Return a 405 Method Not Allowed response when a request contains an unknown + HTTP method. + + *Lewis Marshall* + * Add support for extracting the port from the `:host` option passed to `url_for`. *Andrew White* diff --git a/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb b/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb index 7489ce8028..0a19381c89 100644 --- a/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb +++ b/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb @@ -9,6 +9,7 @@ module ActionDispatch 'ActionController::RoutingError' => :not_found, 'AbstractController::ActionNotFound' => :not_found, 'ActionController::MethodNotAllowed' => :method_not_allowed, + 'ActionController::UnknownHttpMethod' => :method_not_allowed, 'ActionController::NotImplemented' => :not_implemented, 'ActionController::UnknownFormat' => :not_acceptable, 'ActionController::InvalidAuthenticityToken' => :unprocessable_entity, diff --git a/actionpack/test/dispatch/debug_exceptions_test.rb b/actionpack/test/dispatch/debug_exceptions_test.rb index 6035f0361e..ff0baccd76 100644 --- a/actionpack/test/dispatch/debug_exceptions_test.rb +++ b/actionpack/test/dispatch/debug_exceptions_test.rb @@ -29,6 +29,8 @@ class DebugExceptionsTest < ActionDispatch::IntegrationTest raise RuntimeError when "/method_not_allowed" raise ActionController::MethodNotAllowed + when "/unknown_http_method" + raise ActionController::UnknownHttpMethod when "/not_implemented" raise ActionController::NotImplemented when "/unprocessable_entity" @@ -113,6 +115,10 @@ class DebugExceptionsTest < ActionDispatch::IntegrationTest assert_response 405 assert_match(/ActionController::MethodNotAllowed/, body) + get "/unknown_http_method", {}, {'action_dispatch.show_exceptions' => true} + assert_response 405 + assert_match(/ActionController::UnknownHttpMethod/, body) + get "/bad_request", {}, {'action_dispatch.show_exceptions' => true} assert_response 400 assert_match(/ActionController::BadRequest/, body) diff --git a/actionpack/test/dispatch/show_exceptions_test.rb b/actionpack/test/dispatch/show_exceptions_test.rb index 45f8fc11b3..98bbcd954b 100644 --- a/actionpack/test/dispatch/show_exceptions_test.rb +++ b/actionpack/test/dispatch/show_exceptions_test.rb @@ -10,6 +10,8 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest raise AbstractController::ActionNotFound when "/method_not_allowed" raise ActionController::MethodNotAllowed + when "/unknown_http_method" + raise ActionController::UnknownHttpMethod when "/not_found_original_exception" raise ActionView::Template::Error.new('template', AbstractController::ActionNotFound.new) else @@ -41,6 +43,10 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest get "/method_not_allowed", {}, {'action_dispatch.show_exceptions' => true} assert_response 405 assert_equal "", body + + get "/unknown_http_method", {}, {'action_dispatch.show_exceptions' => true} + assert_response 405 + assert_equal "", body end test "localize rescue error page" do -- cgit v1.2.3