include application/xml and text/xml content-types to valid html_types for Rack::Protection

create additional unit test add application/xml content-type
2018-03-27 20:13:44 -07:00 · 2018-03-27 20:13:44 -07:00 · 99897fa5d1
parent dac516088e
commit 99897fa5d1
2 changed files with 11 additions and 1 deletions
--- a/rack-protection/lib/rack/protection/base.rb
+++ b/rack-protection/lib/rack/protection/base.rb
@ -13,7 +13,7 @@ module Rack
        :session_key => 'rack.session',    :status    => 403,
        :allow_empty_referrer => true,
        :report_key           => "protection.failed",
-        :html_types           => %w[text/html application/xhtml]
+        :html_types           => %w[text/html application/xhtml text/xml application/xml]
      }

      attr_reader :app, :options
--- a/rack-protection/spec/lib/rack/protection/protection_spec.rb
+++ b/rack-protection/spec/lib/rack/protection/protection_spec.rb
@ -69,6 +69,16 @@ describe Rack::Protection do
      it { is_expected.to be_truthy }
    end

+    context "given an appropriate content-type header of text/xml" do
+      subject { Rack::Protection::Base.new(nil).html? 'content-type' => "text/xml" }
+      it { is_expected.to be_truthy }
+    end
+
+    context "given an appropriate content-type header of application/xml" do
+      subject { Rack::Protection::Base.new(nil).html? 'content-type' => "application/xml" }
+      it { is_expected.to be_truthy }
+    end
+
    context "given an inappropriate content-type header" do
      subject { Rack::Protection::Base.new(nil).html? 'content-type' => "image/gif" }
      it { is_expected.to be_falsey }