Fix broken origin_whitelist option #1641
This commit is contained in:
parent
0d7e580133
commit
d783aa7ba3
|
@ -34,7 +34,7 @@ module Rack
|
||||||
return true if options[:allow_if] && options[:allow_if].call(env)
|
return true if options[:allow_if] && options[:allow_if].call(env)
|
||||||
|
|
||||||
if options.key? :origin_whitelist
|
if options.key? :origin_whitelist
|
||||||
warn "Rack::Protection origin_whitelist option is deprecated and will be removed, " \
|
warn env, "Rack::Protection origin_whitelist option is deprecated and will be removed, " \
|
||||||
"use permitted_origins instead.\n"
|
"use permitted_origins instead.\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -35,12 +35,20 @@ describe Rack::Protection::HttpOrigin do
|
||||||
expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).not_to be_ok
|
expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).not_to be_ok
|
||||||
end
|
end
|
||||||
|
|
||||||
it "accepts #{method} requests with whitelisted Origin" do
|
it "accepts #{method} requests with permitted Origin" do
|
||||||
mock_app do
|
mock_app do
|
||||||
use Rack::Protection::HttpOrigin, permitted_origins: ['http://www.friend.com']
|
use Rack::Protection::HttpOrigin, permitted_origins: ['http://www.friend.com']
|
||||||
run DummyApp
|
run DummyApp
|
||||||
end
|
end
|
||||||
expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
|
expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "accepts #{method} requests with whitelisted Origin" do
|
||||||
|
mock_app do
|
||||||
|
use Rack::Protection::HttpOrigin, origin_whitelist: ['http://www.friend.com']
|
||||||
|
run DummyApp
|
||||||
|
end
|
||||||
|
expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue