sinatra/rack-protection/spec/lib/rack/protection/http_origin_spec.rb

describe Rack::Protection::HttpOrigin do
  it_behaves_like "any rack application"

  before(:each) do
    mock_app do
      use Rack::Protection::HttpOrigin
      run DummyApp
    end
  end

  %w(GET HEAD POST PUT DELETE).each do |method|
    it "accepts #{method} requests with no Origin" do
      expect(send(method.downcase, '/')).to be_ok
    end
  end

  %w(GET HEAD).each do |method|
    it "accepts #{method} requests with non-whitelisted Origin" do
      expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).to be_ok
    end
  end

  %w(POST PUT DELETE).each do |method|
    it "denies #{method} requests with non-whitelisted Origin" do
      expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).not_to be_ok
    end

    it "accepts #{method} requests with whitelisted Origin" do
      mock_app do
        use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://www.friend.com']
        run DummyApp
      end
      expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
    end
  end
end
Specs for HTTP Origin 2012-01-30 03:57:10 -05:00			`describe Rack::Protection::HttpOrigin do`
			`it_behaves_like "any rack application"`

refactored spec 2012-05-12 11:23:25 -04:00			`before(:each) do`
			`mock_app do`
			`use Rack::Protection::HttpOrigin`
			`run DummyApp`
			`end`
			`end`

Specs for HTTP Origin 2012-01-30 03:57:10 -05:00			`%w(GET HEAD POST PUT DELETE).each do \|method\|`
			`it "accepts #{method} requests with no Origin" do`
Convert specs to RSpec 2.99.2 syntax with Transpec This conversion is done by Transpec 2.3.7 with the following command: transpec * 69 conversions from: obj.should to: expect(obj).to * 30 conversions from: == expected to: eq(expected) * 24 conversions from: obj.should_not to: expect(obj).not_to * 3 conversions from: it { should ... } to: it { is_expected.to ... } * 2 conversions from: be_false to: be_falsey * 1 conversion from: be_true to: be_truthy * 1 conversion from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: obj.should_receive(:message) to: expect(obj).to receive(:message) For more details: https://github.com/yujinakayama/transpec#supported-conversions 2014-09-02 19:54:36 -04:00			`expect(send(method.downcase, '/')).to be_ok`
Specs for HTTP Origin 2012-01-30 03:57:10 -05:00			`end`
			`end`

			`%w(GET HEAD).each do \|method\|`
			`it "accepts #{method} requests with non-whitelisted Origin" do`
Convert specs to RSpec 2.99.2 syntax with Transpec This conversion is done by Transpec 2.3.7 with the following command: transpec * 69 conversions from: obj.should to: expect(obj).to * 30 conversions from: == expected to: eq(expected) * 24 conversions from: obj.should_not to: expect(obj).not_to * 3 conversions from: it { should ... } to: it { is_expected.to ... } * 2 conversions from: be_false to: be_falsey * 1 conversion from: be_true to: be_truthy * 1 conversion from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: obj.should_receive(:message) to: expect(obj).to receive(:message) For more details: https://github.com/yujinakayama/transpec#supported-conversions 2014-09-02 19:54:36 -04:00			`expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).to be_ok`
Specs for HTTP Origin 2012-01-30 03:57:10 -05:00			`end`
			`end`

			`%w(POST PUT DELETE).each do \|method\|`
			`it "denies #{method} requests with non-whitelisted Origin" do`
Convert specs to RSpec 2.99.2 syntax with Transpec This conversion is done by Transpec 2.3.7 with the following command: transpec * 69 conversions from: obj.should to: expect(obj).to * 30 conversions from: == expected to: eq(expected) * 24 conversions from: obj.should_not to: expect(obj).not_to * 3 conversions from: it { should ... } to: it { is_expected.to ... } * 2 conversions from: be_false to: be_falsey * 1 conversion from: be_true to: be_truthy * 1 conversion from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: obj.should_receive(:message) to: expect(obj).to receive(:message) For more details: https://github.com/yujinakayama/transpec#supported-conversions 2014-09-02 19:54:36 -04:00			`expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).not_to be_ok`
Specs for HTTP Origin 2012-01-30 03:57:10 -05:00			`end`

			`it "accepts #{method} requests with whitelisted Origin" do`
			`mock_app do`
			`use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://www.friend.com']`
			`run DummyApp`
			`end`
Convert specs to RSpec 2.99.2 syntax with Transpec This conversion is done by Transpec 2.3.7 with the following command: transpec * 69 conversions from: obj.should to: expect(obj).to * 30 conversions from: == expected to: eq(expected) * 24 conversions from: obj.should_not to: expect(obj).not_to * 3 conversions from: it { should ... } to: it { is_expected.to ... } * 2 conversions from: be_false to: be_falsey * 1 conversion from: be_true to: be_truthy * 1 conversion from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: obj.should_receive(:message) to: expect(obj).to receive(:message) For more details: https://github.com/yujinakayama/transpec#supported-conversions 2014-09-02 19:54:36 -04:00			`expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok`
Specs for HTTP Origin 2012-01-30 03:57:10 -05:00			`end`
			`end`
			`end`