kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

Add regression test for issue #50

Browse source 
Running specs you get

Failures:

  1) Rack::Protection::JsonCsrf with drop_session as default reaction reset the session
     Failure/Error: get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session)
     NoMethodError:
       undefined method `detect' for nil:NilClass
     # ./lib/rack/protection/base.rb:107:in `html?'
     # ./lib/rack/protection/frame_options.rb:32:in `call'
     # ./spec/json_csrf_spec.rb:54:in `block (3 levels) in <top (required)>'
This commit is contained in:
Matteo Centenaro 2013-04-08 11:15:32 +02:00
parent 8902670010
commit ac79948aaa
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
rack-protection/spec/json_csrf_spec.rb
View file

@ -31,6 +31,7 @@ describe Rack::Protection::JsonCsrf do
it "accepts XHR requests" do
get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest').should be_ok
end
end
describe 'not json response' do
@ -41,4 +42,18 @@ describe Rack::Protection::JsonCsrf do
end
end
describe 'with drop_session as default reaction' do
it 'reset the session' do
mock_app do
use Rack::Protection, :reaction => :drop_session
run proc { |e| [200, {'Content-Type' => 'application/json'}, []]}
end
session = {:foo => :bar}
get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session)
last_response.should be_ok
session.should be_empty
end
end
end