PageRenderTime 21ms CodeModel.GetById 14ms app.highlight 5ms RepoModel.GetById 1ms app.codeStats 0ms

/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/spec/frame_options_spec.rb

https://github.com/delowong/logstash
Ruby | 39 lines | 28 code | 9 blank | 2 comment | 4 complexity | 80defb5557373b1165a05ac67ee44072 MD5 | raw file
 1require File.expand_path('../spec_helper.rb', __FILE__)
 2
 3describe Rack::Protection::FrameOptions do
 4  it_behaves_like "any rack application"
 5
 6  it 'should set the X-Frame-Options' do
 7    get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "SAMEORIGIN"
 8  end
 9
10  it 'should not set the X-Frame-Options for other content types' do
11    get('/', {}, 'wants' => 'text/foo').headers["X-Frame-Options"].should be_nil
12  end
13
14  it 'should allow changing the protection mode' do
15    # I have no clue what other modes are available
16    mock_app do
17      use Rack::Protection::FrameOptions, :frame_options => :deny
18      run DummyApp
19    end
20
21    get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "DENY"
22  end
23
24
25  it 'should allow changing the protection mode to a string' do
26    # I have no clue what other modes are available
27    mock_app do
28      use Rack::Protection::FrameOptions, :frame_options => "ALLOW-FROM foo"
29      run DummyApp
30    end
31
32    get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "ALLOW-FROM foo"
33  end
34
35  it 'should not override the header if already set' do
36    mock_app with_headers("X-Frame-Options" => "allow")
37    get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "allow"
38  end
39end