better NoReferrer check
parent
a4f827e9b4
commit
ec0df5969b
|
@ -16,7 +16,7 @@ module Rack
|
|||
default_reaction :deny
|
||||
|
||||
def accepts?(env)
|
||||
safe?(env) or referrer(env)
|
||||
safe?(env) or not env['HTTP_REFERER'].to_s.empty?
|
||||
end
|
||||
end
|
||||
end
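Review bot: In `accepts?`, the `env['HTTP_REFERER'].to_s.empty?` line (printed second, so presumably the new side, since the `+`/`-` markers are lost on this page) only tests that the header is non-empty. A whitespace-only value would therefore count as a referrer if the server passes it through unstripped, and the value is never parsed or compared with the request host. Stripping before the test and using `||`/`!` instead of the low-precedence `or not` would tighten it: `safe?(env) || !env['HTTP_REFERER'].to_s.strip.empty?`. A short comment above the method, such as `# Presence check only: the Referer value is client-supplied and is not validated here`, would stop readers mistaking this for origin verification. The enclosing module and class open outside the hunk.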
|
||||
|
|
|
@ -15,7 +15,7 @@ describe Rack::Protection::NoReferrer do
|
|||
post('/', {}, 'HTTP_REFERER' => 'http://google.com').should be_ok
|
||||
end
|
||||
|
||||
it "should allow post request with an empty referrer" do
|
||||
it "should not allow post request with an empty referrer" do
|
||||
post('/', {}, 'HTTP_REFERER' => '').should_not be_ok
|
||||
end
|
||||
end
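Review bot: The renamed example pins only the `'HTTP_REFERER' => ''` case, and no example visible in this hunk posts without the header at all. The `.to_s` in the library line exists for exactly that nil case. If no such example exists above the hunk, add one next to this one: `it "should not allow post request without a referrer header" do post('/', {}).should_not be_ok end`. The `describe` block starts outside the hunk, so existing coverage cannot be confirmed from here.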
|
||||
|
|