kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

make session hijacking middleware ignore case, fixes #11

Browse source
This commit is contained in:
Konstantin Haase 2012-12-10 16:26:11 +01:00
parent 8bdc924367
commit 8010a8fe9a
2 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
rack-protection/lib/rack/protection/session_hijacking.rb
View file

@ -28,7 +28,8 @@ module Rack
end
def encrypt(value)
options[:encrypt_tracking] ? super(value) : value.to_s
value = value.to_s.downcase
options[:encrypt_tracking] ? super(value) : value
end
end
end

14
rack-protection/spec/session_hijacking_spec.rb
View file

@ -31,6 +31,20 @@ describe Rack::Protection::SessionHijacking do
session.should be_empty
end
it "accepts requests with the same Accept-Language header" do
session = {:foo => :bar}
get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
session.should_not be_empty
end
it "comparison of Accept-Language header is not case sensitive" do
session = {:foo => :bar}
get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'A'
session.should_not be_empty
end
it "accepts requests with a changing Version header"do
session = {:foo => :bar}
get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'