Disable monkey patch for rack-protection
This commit is contained in:
parent
5f95f553ab
commit
d53ff943b8
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::AuthenticityToken do
|
||||
RSpec.describe Rack::Protection::AuthenticityToken do
|
||||
let(:token) { described_class.random_token }
|
||||
let(:masked_token) { described_class.token(session) }
|
||||
let(:bad_token) { Base64.strict_encode64("badtoken") }
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::Base do
|
||||
RSpec.describe Rack::Protection::Base do
|
||||
|
||||
subject { described_class.new(lambda {}) }
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::ContentSecurityPolicy do
|
||||
RSpec.describe Rack::Protection::ContentSecurityPolicy do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
it 'should set the Content Security Policy' do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::CookieTossing do
|
||||
RSpec.describe Rack::Protection::CookieTossing do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
context 'with default reaction' do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::EscapedParams do
|
||||
RSpec.describe Rack::Protection::EscapedParams do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
context 'escaping' do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::FormToken do
|
||||
RSpec.describe Rack::Protection::FormToken do
|
||||
let(:token) { described_class.random_token }
|
||||
let(:masked_token) { described_class.token(session) }
|
||||
let(:bad_token) { Base64.strict_encode64("badtoken") }
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::FrameOptions do
|
||||
RSpec.describe Rack::Protection::FrameOptions do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
it 'should set the X-Frame-Options' do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::HttpOrigin do
|
||||
RSpec.describe Rack::Protection::HttpOrigin do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
before(:each) do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::IPSpoofing do
|
||||
RSpec.describe Rack::Protection::IPSpoofing do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
it 'accepts requests without X-Forward-For header' do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::JsonCsrf do
|
||||
RSpec.describe Rack::Protection::JsonCsrf do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
module DummyAppWithBody
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::PathTraversal do
|
||||
RSpec.describe Rack::Protection::PathTraversal do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
context 'escaping' do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection do
|
||||
RSpec.describe Rack::Protection do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
it 'passes on options' do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::RemoteReferrer do
|
||||
RSpec.describe Rack::Protection::RemoteReferrer do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
it "accepts post requests with no referrer" do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::RemoteToken do
|
||||
RSpec.describe Rack::Protection::RemoteToken do
|
||||
let(:token) { described_class.random_token }
|
||||
let(:masked_token) { described_class.token(session) }
|
||||
let(:bad_token) { Base64.strict_encode64("badtoken") }
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::SessionHijacking do
|
||||
RSpec.describe Rack::Protection::SessionHijacking do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
it "accepts a session without changes to tracked parameters" do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::StrictTransport do
|
||||
RSpec.describe Rack::Protection::StrictTransport do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
it 'should set the Strict-Transport-Security header' do
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
describe Rack::Protection::XSSHeader do
|
||||
RSpec.describe Rack::Protection::XSSHeader do
|
||||
it_behaves_like "any rack application"
|
||||
|
||||
it 'should set the X-XSS-Protection' do
|
||||
|
|
|
@ -21,8 +21,9 @@ Dir[File.expand_path('support/**/*.rb', __dir__)].each { |f| require f }
|
|||
#
|
||||
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
||||
RSpec.configure do |config|
|
||||
# The settings below are suggested to provide a good initial experience
|
||||
# with RSpec, but feel free to customize to your heart's content.
|
||||
# The settings below are suggested to provide a good initial experience
|
||||
# with RSpec, but feel free to customize to your heart's content.
|
||||
config.disable_monkey_patching!
|
||||
|
||||
# These two settings work together to allow you to limit a spec run
|
||||
# to individual examples or groups you care about by tagging them with
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
shared_examples_for 'any rack application' do
|
||||
RSpec.shared_examples_for 'any rack application' do
|
||||
it "should not interfere with normal get requests" do
|
||||
expect(get('/')).to be_ok
|
||||
expect(body).to eq('ok')
|
||||
|
|
Loading…
Reference in New Issue