Skip to content
This repository has been archived by the owner on May 16, 2021. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #32 from cheald/master
Don't choke on requests that end up without a content-type header
  • Loading branch information
rkh committed Dec 10, 2012
2 parents da869d6 + 367ef78 commit 0d1e3c5
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 2 deletions.
12 changes: 10 additions & 2 deletions lib/rack/protection/base.rb 100644 → 100755
Expand Up @@ -98,8 +98,16 @@ def encrypt(value)
alias default_reaction deny alias default_reaction deny


def html?(headers) def html?(headers)
type = headers.detect { |k,v| k.downcase == 'content-type' }.last[/^\w+\/\w+/] if type = headers.detect { |k,v| k.downcase == 'content-type' }
type == 'text/html' or type == 'application/xhtml' case type.last[/^\w+\/\w+/]
when 'text/html', 'application/xhtml'
true
else
false
end
else
false
end
end end
end end
end end
Expand Down
17 changes: 17 additions & 0 deletions spec/protection_spec.rb 100644 → 100755
Expand Up @@ -17,4 +17,21 @@
get '/', {}, 'rack.session' => session, 'HTTP_FOO' => 'BAR' get '/', {}, 'rack.session' => session, 'HTTP_FOO' => 'BAR'
session.should be_empty session.should be_empty
end end

describe "#html?" do
context "given an appropriate content-type header" do
subject { Rack::Protection::Base.new(nil).html?({'content-type' => "text/html"}) }
it { should be_true }
end

context "given an inappropriate content-type header" do
subject { Rack::Protection::Base.new(nil).html?({'content-type' => "image/gif"}) }
it { should be_false }
end

context "given no content-type header" do
subject { Rack::Protection::Base.new(nil).html?({}) }
it { should be_false }
end
end
end end

0 comments on commit 0d1e3c5

Please sign in to comment.