better NoReferrer check

2011-06-19 15:26:21 +02:00 · 2011-06-19 15:26:21 +02:00 · ec0df5969b
parent a4f827e9b4
commit ec0df5969b
2 changed files with 2 additions and 2 deletions
--- a/rack-protection/lib/rack/protection/no_referrer.rb
+++ b/rack-protection/lib/rack/protection/no_referrer.rb
@ -16,7 +16,7 @@ module Rack
      default_reaction :deny

      def accepts?(env)
-        safe?(env) or referrer(env)
+        safe?(env) or not env['HTTP_REFERER'].to_s.empty?
      end
    end
  end
--- a/rack-protection/spec/no_referrer_spec.rb
+++ b/rack-protection/spec/no_referrer_spec.rb
@ -15,7 +15,7 @@ describe Rack::Protection::NoReferrer do
    post('/', {}, 'HTTP_REFERER' => 'http://google.com').should be_ok
  end

-  it "should allow post request with an empty referrer" do
+  it "should not allow post request with an empty referrer" do
    post('/', {}, 'HTTP_REFERER' => '').should_not be_ok
  end
 end