# frozen_string_literal: true
require "abstract_unit"
# Checks how a bare ActionController::Metal controller interacts with
# ActionDispatch::Response.default_headers.
#
# Security-relevant point pinned by this test: a response produced by a
# Metal controller does not carry the globally configured default headers
# (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection).
# NOTE(review): this implies an endpoint built directly on Metal has to get
# such headers from somewhere else (set explicitly or added by middleware);
# confirm against the application's own stack.
class MetalControllerInstanceTests < ActiveSupport::TestCase
  # Smallest possible Metal controller: one action that only sets a body.
  class SimpleController < ActionController::Metal
    def hello
      self.response_body = "hello"
    end
  end

  # Installs a set of default security headers, dispatches a GET to the
  # Metal action, and asserts that none of those headers are present in the
  # returned header set.
  def test_response_does_not_have_default_headers
    # Response.default_headers is global state; remember it so the ensure
    # clause can put it back whether or not the assertions pass.
    saved_defaults = ActionDispatch::Response.default_headers

    security_defaults = {
      "X-Frame-Options" => "DENY",
      "X-Content-Type-Options" => "nosniff",
      "X-XSS-Protection" => "1;"
    }
    guarded_names = security_defaults.keys
    ActionDispatch::Response.default_headers = security_defaults

    # Minimal Rack env; the empty lambda only fills the "rack.input" slot.
    rack_env = {
      "REQUEST_METHOD" => "GET",
      "rack.input" => -> {}
    }
    rack_response = SimpleController.action("hello").call(rack_env)
    # Element 1 of the Rack response is the header collection.
    headers = rack_response[1]

    guarded_names.each do |header_name|
      refute headers.key?(header_name)
    end
  ensure
    ActionDispatch::Response.default_headers = saved_defaults
  end
end