/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/spec/frame_options_spec.rb

https://github.com/delowong/logstash · Ruby · 39 lines · 28 code · 9 blank · 2 comment · 4 complexity · 80defb5557373b1165a05ac67ee44072 MD5 · raw file

  1. require File.expand_path('../spec_helper.rb', __FILE__)
  2. describe Rack::Protection::FrameOptions do
  3. it_behaves_like "any rack application"
  4. it 'should set the X-Frame-Options' do
  5. get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "SAMEORIGIN"
  6. end
  7. it 'should not set the X-Frame-Options for other content types' do
  8. get('/', {}, 'wants' => 'text/foo').headers["X-Frame-Options"].should be_nil
  9. end
  10. it 'should allow changing the protection mode' do
  11. # I have no clue what other modes are available
  12. mock_app do
  13. use Rack::Protection::FrameOptions, :frame_options => :deny
  14. run DummyApp
  15. end
  16. get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "DENY"
  17. end
  18. it 'should allow changing the protection mode to a string' do
  19. # I have no clue what other modes are available
  20. mock_app do
  21. use Rack::Protection::FrameOptions, :frame_options => "ALLOW-FROM foo"
  22. run DummyApp
  23. end
  24. get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "ALLOW-FROM foo"
  25. end
  26. it 'should not override the header if already set' do
  27. mock_app with_headers("X-Frame-Options" => "allow")
  28. get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "allow"
  29. end
  30. end