From 09e10ef643f00c6b4c5877438ed50d2a5f199522 Mon Sep 17 00:00:00 2001
From: adamliesko <adamliesko@gmail.com>
Date: Sat, 5 Dec 2015 22:58:31 +0100
Subject: Allow regexp for a allowed_request_origins array

---
 test/connection/cross_site_forgery_test.rb | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'test/connection/cross_site_forgery_test.rb')

diff --git a/test/connection/cross_site_forgery_test.rb b/test/connection/cross_site_forgery_test.rb
index 166abb7b38..ede3057e30 100644
--- a/test/connection/cross_site_forgery_test.rb
+++ b/test/connection/cross_site_forgery_test.rb
@@ -40,6 +40,20 @@ class ActionCable::Connection::CrossSiteForgeryTest < ActionCable::TestCase
     assert_origin_not_allowed 'http://hax.com'
   end
 
+  test "explicitly specified a single regexp allowed origin" do
+    @server.config.allowed_request_origins = /.*ha.*/
+    assert_origin_not_allowed 'http://rubyonrails.com'
+    assert_origin_allowed 'http://hax.com'
+  end
+
+  test "explicitly specified multiple regexp allowed origins" do
+    @server.config.allowed_request_origins = [/http:\/\/ruby.*/, /.*rai.s.*com/, 'string' ]
+    assert_origin_allowed 'http://rubyonrails.com'
+    assert_origin_allowed 'http://www.rubyonrails.com'
+    assert_origin_not_allowed 'http://hax.com'
+    assert_origin_not_allowed 'http://rails.co.uk'
+  end
+
   private
     def assert_origin_allowed(origin)
       response = connect_with_origin origin
-- 
cgit v1.2.3