2017-07-24 16:20:53 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-03-29 17:36:54 -04:00
|
|
|
require "abstract_unit"
|
|
|
|
|
|
|
|
class MetalControllerInstanceTests < ActiveSupport::TestCase
|
|
|
|
class SimpleController < ActionController::Metal
|
|
|
|
def hello
|
|
|
|
self.response_body = "hello"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-12-09 15:41:55 -05:00
|
|
|
def test_response_does_not_have_default_headers
|
2017-03-29 17:36:54 -04:00
|
|
|
original_default_headers = ActionDispatch::Response.default_headers
|
|
|
|
|
|
|
|
ActionDispatch::Response.default_headers = {
|
|
|
|
"X-Frame-Options" => "DENY",
|
|
|
|
"X-Content-Type-Options" => "nosniff",
|
|
|
|
"X-XSS-Protection" => "1;"
|
|
|
|
}
|
|
|
|
|
|
|
|
response_headers = SimpleController.action("hello").call(
|
|
|
|
"REQUEST_METHOD" => "GET",
|
|
|
|
"rack.input" => -> {}
|
|
|
|
)[1]
|
|
|
|
|
2018-01-24 22:04:11 -05:00
|
|
|
assert_not response_headers.key?("X-Frame-Options")
|
|
|
|
assert_not response_headers.key?("X-Content-Type-Options")
|
|
|
|
assert_not response_headers.key?("X-XSS-Protection")
|
2017-03-29 17:36:54 -04:00
|
|
|
ensure
|
|
|
|
ActionDispatch::Response.default_headers = original_default_headers
|
|
|
|
end
|
|
|
|
end
|