mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
9d695743de
In Rails 4.2, `ActionController::Metal` controllers did not include the
default headers from `ActionDispatch::Response`. However, through e16afe6, and a
general shift towards having `ActionController::Metal` objects contain
`ActionDispatch::Response` objects (instead of just returning an array
of status, headers, and body), this behavior was lost. This PR helps to
restore the original behavior by having `ActionController::Metal`
controllers generate Response objects without the default headers, while
`ActionController::Base` now overrides the factory method to make sure
its version does have the default headers.
30 lines
871 B
Ruby
30 lines
871 B
Ruby
require "abstract_unit"
|
|
|
|
class MetalControllerInstanceTests < ActiveSupport::TestCase
|
|
class SimpleController < ActionController::Metal
|
|
def hello
|
|
self.response_body = "hello"
|
|
end
|
|
end
|
|
|
|
def test_response_has_default_headers
|
|
original_default_headers = ActionDispatch::Response.default_headers
|
|
|
|
ActionDispatch::Response.default_headers = {
|
|
"X-Frame-Options" => "DENY",
|
|
"X-Content-Type-Options" => "nosniff",
|
|
"X-XSS-Protection" => "1;"
|
|
}
|
|
|
|
response_headers = SimpleController.action("hello").call(
|
|
"REQUEST_METHOD" => "GET",
|
|
"rack.input" => -> {}
|
|
)[1]
|
|
|
|
refute response_headers.key?("X-Frame-Options")
|
|
refute response_headers.key?("X-Content-Type-Options")
|
|
refute response_headers.key?("X-XSS-Protection")
|
|
ensure
|
|
ActionDispatch::Response.default_headers = original_default_headers
|
|
end
|
|
end
|