1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
# frozen_string_literal: true
require "spec_helper"
module SecureHeaders
describe XFrameOptions do
describe "#value" do
specify { expect(XFrameOptions.make_header).to eq([XFrameOptions::HEADER_NAME, XFrameOptions::DEFAULT_VALUE]) }
specify { expect(XFrameOptions.make_header("DENY")).to eq([XFrameOptions::HEADER_NAME, "DENY"]) }
context "with invalid configuration" do
it "allows SAMEORIGIN" do
expect do
XFrameOptions.validate_config!("SAMEORIGIN")
end.not_to raise_error
end
it "allows DENY" do
expect do
XFrameOptions.validate_config!("DENY")
end.not_to raise_error
end
it "allows ALLOW-FROM*" do
expect do
XFrameOptions.validate_config!("ALLOW-FROM: example.com")
end.not_to raise_error
end
it "does not allow garbage" do
expect do
XFrameOptions.validate_config!("I like turtles")
end.to raise_error(XFOConfigError)
end
end
end
end
end
|
