aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/metal_test.rb
blob: c3ebcb22b8006d8ab744e622f5620f25254a95c5 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# frozen_string_literal: true

require "abstract_unit"

class MetalControllerInstanceTests < ActiveSupport::TestCase
  class SimpleController < ActionController::Metal
    def hello
      self.response_body = "hello"
    end
  end

  def test_response_does_not_have_default_headers
    original_default_headers = ActionDispatch::Response.default_headers

    ActionDispatch::Response.default_headers = {
      "X-Frame-Options" => "DENY",
      "X-Content-Type-Options" => "nosniff",
      "X-XSS-Protection" => "1;"
    }

    response_headers = SimpleController.action("hello").call(
      "REQUEST_METHOD" => "GET",
      "rack.input" => -> {}
    )[1]

    refute response_headers.key?("X-Frame-Options")
    refute response_headers.key?("X-Content-Type-Options")
    refute response_headers.key?("X-XSS-Protection")
  ensure
    ActionDispatch::Response.default_headers = original_default_headers
  end
end