Permalink
Browse files

Don't choke on requests that end up without a content-type header

  • Loading branch information...
1 parent da869d6 commit 367ef785defd7d49b591f07ea682b440b2437540 @cheald cheald committed Dec 10, 2012
Showing with 27 additions and 2 deletions.
  1. +10 −2 lib/rack/protection/base.rb
  2. +17 −0 spec/protection_spec.rb
View
12 lib/rack/protection/base.rb 100644 → 100755
@@ -98,8 +98,16 @@ def encrypt(value)
alias default_reaction deny
def html?(headers)
- type = headers.detect { |k,v| k.downcase == 'content-type' }.last[/^\w+\/\w+/]
- type == 'text/html' or type == 'application/xhtml'
+ if type = headers.detect { |k,v| k.downcase == 'content-type' }
+ case type.last[/^\w+\/\w+/]
+ when 'text/html', 'application/xhtml'
+ true
+ else
+ false
+ end
+ else
+ false
+ end
end
end
end
View
17 spec/protection_spec.rb 100644 → 100755
@@ -17,4 +17,21 @@
get '/', {}, 'rack.session' => session, 'HTTP_FOO' => 'BAR'
session.should be_empty
end
+
+ describe "#html?" do
+ context "given an appropriate content-type header" do
+ subject { Rack::Protection::Base.new(nil).html?({'content-type' => "text/html"}) }
+ it { should be_true }
+ end
+
+ context "given an inappropriate content-type header" do
+ subject { Rack::Protection::Base.new(nil).html?({'content-type' => "image/gif"}) }
+ it { should be_false }
+ end
+
+ context "given no content-type header" do
+ subject { Rack::Protection::Base.new(nil).html?({}) }
+ it { should be_false }
+ end
+ end
end

0 comments on commit 367ef78

Please sign in to comment.