Fix broken origin_whitelist option #1641

rack-protection/lib/rack/protection/http_origin.rb

@@ -34,7 +34,7 @@ module Rack
         return true if options[:allow_if] && options[:allow_if].call(env)
 
         if options.key? :origin_whitelist
-          warn "Rack::Protection origin_whitelist option is deprecated and will be removed, " \
+          warn env, "Rack::Protection origin_whitelist option is deprecated and will be removed, " \
             "use permitted_origins instead.\n"
         end
 

rack-protection/spec/lib/rack/protection/http_origin_spec.rb

@@ -35,12 +35,20 @@ describe Rack::Protection::HttpOrigin do
       expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).not_to be_ok
     end
 
-    it "accepts #{method} requests with whitelisted Origin" do
+    it "accepts #{method} requests with permitted Origin" do
       mock_app do
         use Rack::Protection::HttpOrigin, permitted_origins: ['http://www.friend.com']
         run DummyApp
       end
       expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
     end
+
+    it "accepts #{method} requests with whitelisted Origin" do
+      mock_app do
+        use Rack::Protection::HttpOrigin, origin_whitelist: ['http://www.friend.com']
+        run DummyApp
+      end
+      expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
+    end
   end
 end