File: http_origin_spec.rb

package info (click to toggle)
ruby-rack-protection 1.5.2-1
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 216 kB
  • ctags: 99
  • sloc: ruby: 1,021; makefile: 2
file content (38 lines) | stat: -rw-r--r-- 1,136 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
require File.expand_path('../spec_helper.rb', __FILE__)

describe Rack::Protection::HttpOrigin do
  it_behaves_like "any rack application"

  before(:each) do
    mock_app do
      use Rack::Protection::HttpOrigin
      run DummyApp
    end
  end

  %w(GET HEAD POST PUT DELETE).each do |method|
    it "accepts #{method} requests with no Origin" do
      send(method.downcase, '/').should be_ok
    end
  end

  %w(GET HEAD).each do |method|
    it "accepts #{method} requests with non-whitelisted Origin" do
      send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com').should be_ok
    end
  end

  %w(POST PUT DELETE).each do |method|
    it "denies #{method} requests with non-whitelisted Origin" do
      send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com').should_not be_ok
    end

    it "accepts #{method} requests with whitelisted Origin" do
      mock_app do
        use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://www.friend.com']
        run DummyApp
      end
      send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com').should be_ok
    end
  end
end