Ensure that `redirect_back` with `fallback_location` to another host is allowed
I would like to add those tests to prevent regression.
This commit is contained in:
parent
1fecebae31
commit
5fc9c4fbdc
|
@ -68,10 +68,18 @@ class RedirectController < ActionController::Base
|
||||||
redirect_back(fallback_location: "/things/stuff", status: 307)
|
redirect_back(fallback_location: "/things/stuff", status: 307)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def redirect_back_with_status_and_fallback_location_to_another_host
|
||||||
|
redirect_back(fallback_location: "http://www.rubyonrails.org/", status: 307)
|
||||||
|
end
|
||||||
|
|
||||||
def safe_redirect_back_with_status
|
def safe_redirect_back_with_status
|
||||||
redirect_back(fallback_location: "/things/stuff", status: 307, allow_other_host: false)
|
redirect_back(fallback_location: "/things/stuff", status: 307, allow_other_host: false)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def safe_redirect_back_with_status_and_fallback_location_to_another_host
|
||||||
|
redirect_back(fallback_location: "http://www.rubyonrails.org/", status: 307, allow_other_host: false)
|
||||||
|
end
|
||||||
|
|
||||||
def host_redirect
|
def host_redirect
|
||||||
redirect_to action: "other_host", only_path: false, host: "other.test.host"
|
redirect_to action: "other_host", only_path: false, host: "other.test.host"
|
||||||
end
|
end
|
||||||
|
@ -280,6 +288,13 @@ class RedirectTest < ActionController::TestCase
|
||||||
assert_equal "http://test.host/things/stuff", redirect_to_url
|
assert_equal "http://test.host/things/stuff", redirect_to_url
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_redirect_back_with_no_referer_redirects_to_another_host
|
||||||
|
get :redirect_back_with_status_and_fallback_location_to_another_host
|
||||||
|
|
||||||
|
assert_response 307
|
||||||
|
assert_equal "http://www.rubyonrails.org/", redirect_to_url
|
||||||
|
end
|
||||||
|
|
||||||
def test_safe_redirect_back_from_other_host
|
def test_safe_redirect_back_from_other_host
|
||||||
@request.env["HTTP_REFERER"] = "http://another.host/coming/from"
|
@request.env["HTTP_REFERER"] = "http://another.host/coming/from"
|
||||||
get :safe_redirect_back_with_status
|
get :safe_redirect_back_with_status
|
||||||
|
@ -297,6 +312,20 @@ class RedirectTest < ActionController::TestCase
|
||||||
assert_equal referer, redirect_to_url
|
assert_equal referer, redirect_to_url
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_safe_redirect_back_with_no_referer
|
||||||
|
get :safe_redirect_back_with_status
|
||||||
|
|
||||||
|
assert_response 307
|
||||||
|
assert_equal "http://test.host/things/stuff", redirect_to_url
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_safe_redirect_back_with_no_referer_redirects_to_another_host
|
||||||
|
get :safe_redirect_back_with_status_and_fallback_location_to_another_host
|
||||||
|
|
||||||
|
assert_response 307
|
||||||
|
assert_equal "http://www.rubyonrails.org/", redirect_to_url
|
||||||
|
end
|
||||||
|
|
||||||
def test_redirect_to_record
|
def test_redirect_to_record
|
||||||
with_routing do |set|
|
with_routing do |set|
|
||||||
set.draw do
|
set.draw do
|
||||||
|
|
Loading…
Reference in New Issue