kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

Replace origin_whitelist with origin_permitted

Browse source
This commit is contained in:
rhymes 2020-07-11 18:01:34 +02:00
parent 380a833e2c
commit 166da3084d
No known key found for this signature in database
GPG key ID: A3853C53AF667707
2 changed files with 14 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
rack-protection/spec/lib/rack/protection/http_origin_spec.rb
View file

@ -15,7 +15,7 @@ describe Rack::Protection::HttpOrigin do
end
%w(GET HEAD).each do |method|
it "accepts #{method} requests with non-whitelisted Origin" do
it "accepts #{method} requests with non-permitted Origin" do
expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).to be_ok
end
end
@ -31,13 +31,13 @@ describe Rack::Protection::HttpOrigin do
end
%w(POST PUT DELETE).each do |method|
it "denies #{method} requests with non-whitelisted Origin" do
it "denies #{method} requests with non-permitted Origin" do
expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).not_to be_ok
end
it "accepts #{method} requests with whitelisted Origin" do
mock_app do
use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://www.friend.com']
use Rack::Protection::HttpOrigin, :origin_permitted => ['http://www.friend.com']
run DummyApp
end
expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok