Permalink
Browse files

Add regression test for issue #50

Running specs you get

Failures:

  1) Rack::Protection::JsonCsrf with drop_session as default reaction reset the session
     Failure/Error: get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session)
     NoMethodError:
       undefined method `detect' for nil:NilClass
     # ./lib/rack/protection/base.rb:107:in `html?'
     # ./lib/rack/protection/frame_options.rb:32:in `call'
     # ./spec/json_csrf_spec.rb:54:in `block (3 levels) in <top (required)>'
  • Loading branch information...
bugant committed Apr 8, 2013
1 parent b45d31c commit d1f0300904ba41c11e726be788129ae234c9b326
Showing with 15 additions and 0 deletions.
  1. +15 −0 spec/json_csrf_spec.rb
View
@@ -31,6 +31,7 @@
it "accepts XHR requests" do
get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest').should be_ok
end
+
end
describe 'not json response' do
@@ -41,4 +42,18 @@
end
end
+
+ describe 'with drop_session as default reaction' do
+ it 'reset the session' do
+ mock_app do
+ use Rack::Protection, :reaction => :drop_session
+ run proc { |e| [200, {'Content-Type' => 'application/json'}, []]}
+ end
+
+ session = {:foo => :bar}
+ get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session)
+ last_response.should be_ok
+ session.should be_empty
+ end
+ end
end

0 comments on commit d1f0300

Please sign in to comment.