/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/spec/frame_options_spec.rb
Ruby | 39 lines | 28 code | 9 blank | 2 comment | 4 complexity | 80defb5557373b1165a05ac67ee44072 MD5 | raw file
1require File.expand_path('../spec_helper.rb', __FILE__) 2 3describe Rack::Protection::FrameOptions do 4 it_behaves_like "any rack application" 5 6 it 'should set the X-Frame-Options' do 7 get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "SAMEORIGIN" 8 end 9 10 it 'should not set the X-Frame-Options for other content types' do 11 get('/', {}, 'wants' => 'text/foo').headers["X-Frame-Options"].should be_nil 12 end 13 14 it 'should allow changing the protection mode' do 15 # I have no clue what other modes are available 16 mock_app do 17 use Rack::Protection::FrameOptions, :frame_options => :deny 18 run DummyApp 19 end 20 21 get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "DENY" 22 end 23 24 25 it 'should allow changing the protection mode to a string' do 26 # I have no clue what other modes are available 27 mock_app do 28 use Rack::Protection::FrameOptions, :frame_options => "ALLOW-FROM foo" 29 run DummyApp 30 end 31 32 get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "ALLOW-FROM foo" 33 end 34 35 it 'should not override the header if already set' do 36 mock_app with_headers("X-Frame-Options" => "allow") 37 get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "allow" 38 end 39end