2017-07-24 20:20:53 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-03-29 21:36:54 +00:00
|
|
|
require "abstract_unit"
|
|
|
|
|
|
|
|
class MetalControllerInstanceTests < ActiveSupport::TestCase
|
|
|
|
class SimpleController < ActionController::Metal
|
|
|
|
def hello
|
|
|
|
self.response_body = "hello"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-12-09 20:41:55 +00:00
|
|
|
def test_response_does_not_have_default_headers
|
2017-03-29 21:36:54 +00:00
|
|
|
original_default_headers = ActionDispatch::Response.default_headers
|
|
|
|
|
|
|
|
ActionDispatch::Response.default_headers = {
|
|
|
|
"X-Frame-Options" => "DENY",
|
|
|
|
"X-Content-Type-Options" => "nosniff",
|
2021-09-14 13:14:21 +00:00
|
|
|
"X-XSS-Protection" => "0"
|
2017-03-29 21:36:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
response_headers = SimpleController.action("hello").call(
|
|
|
|
"REQUEST_METHOD" => "GET",
|
2018-09-25 17:18:20 +00:00
|
|
|
"rack.input" => -> { }
|
2017-03-29 21:36:54 +00:00
|
|
|
)[1]
|
|
|
|
|
2018-01-25 03:04:11 +00:00
|
|
|
assert_not response_headers.key?("X-Frame-Options")
|
|
|
|
assert_not response_headers.key?("X-Content-Type-Options")
|
|
|
|
assert_not response_headers.key?("X-XSS-Protection")
|
2017-03-29 21:36:54 +00:00
|
|
|
ensure
|
|
|
|
ActionDispatch::Response.default_headers = original_default_headers
|
|
|
|
end
|
2020-09-03 18:44:24 +00:00
|
|
|
|
|
|
|
def test_inspect
|
|
|
|
controller = SimpleController.new
|
|
|
|
assert_match(/\A#<MetalControllerInstanceTests::SimpleController:0x[0-9a-f]+>\z/, controller.inspect)
|
|
|
|
end
|
2017-03-29 21:36:54 +00:00
|
|
|
end
|