kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity
sinatra/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb
Eloy Pérez d53ff943b8 Disable monkey patch for rack-protection
2022-02-05 13:32:44 +01:00

32 lines
1.2 KiB
Ruby
Raw Blame History

RSpec.describe Rack::Protection::SessionHijacking do
it_behaves_like "any rack application"
it "accepts a session without changes to tracked parameters" do
session = {:foo => :bar}
get '/', {}, 'rack.session' => session
get '/', {}, 'rack.session' => session
expect(session[:foo]).to eq(:bar)
end
it "denies requests with a changing User-Agent header" do
session = {:foo => :bar}
get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'a'
get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'b'
expect(session).to be_empty
end
it "accepts requests with a changing Accept-Encoding header" do
# this is tested because previously it led to clearing the session
session = {:foo => :bar}
get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'a'
get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'b'
expect(session).not_to be_empty
end
it "accepts requests with a changing Version header"do
session = {:foo => :bar}
get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'
get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.1'
expect(session[:foo]).to eq(:bar)
end
end
View git blame Copy permalink