Permalink
Browse files

Merge pull request #32 from cheald/master

Don't choke on requests that end up without a content-type header
  • Loading branch information...
2 parents da869d6 + 367ef78 commit 0d1e3c54fc8e2c178d176193c9424158a90a42d9 @rkh rkh committed Dec 10, 2012
Showing with 27 additions and 2 deletions.
  1. +10 −2 lib/rack/protection/base.rb
  2. +17 −0 spec/protection_spec.rb
View
12 lib/rack/protection/base.rb 100644 → 100755
@@ -98,8 +98,16 @@ def encrypt(value)
alias default_reaction deny
def html?(headers)
- type = headers.detect { |k,v| k.downcase == 'content-type' }.last[/^\w+\/\w+/]
- type == 'text/html' or type == 'application/xhtml'
+ if type = headers.detect { |k,v| k.downcase == 'content-type' }
+ case type.last[/^\w+\/\w+/]
+ when 'text/html', 'application/xhtml'
+ true
+ else
+ false
+ end
+ else
+ false
+ end
end
end
end
View
17 spec/protection_spec.rb 100644 → 100755
@@ -17,4 +17,21 @@
get '/', {}, 'rack.session' => session, 'HTTP_FOO' => 'BAR'
session.should be_empty
end
+
+ describe "#html?" do
+ context "given an appropriate content-type header" do
+ subject { Rack::Protection::Base.new(nil).html?({'content-type' => "text/html"}) }
+ it { should be_true }
+ end
+
+ context "given an inappropriate content-type header" do
+ subject { Rack::Protection::Base.new(nil).html?({'content-type' => "image/gif"}) }
+ it { should be_false }
+ end
+
+ context "given no content-type header" do
+ subject { Rack::Protection::Base.new(nil).html?({}) }
+ it { should be_false }
+ end
+ end
end

0 comments on commit 0d1e3c5

Please sign in to comment.