Sha256: 15bf03717bf5151efdcd6a2f3564d3b90fe7a591fa56f47c2f9f5122e17de07c

Contents?: true

Size: 1.62 KB

Versions: 7

Compression:

Stored size: 1.62 KB

Contents

require 'spec_helper'

# This controller is meant to be something that inherits config from application controller
# all values are defaulted because no initializer is configured, and the values in app controller
# only provide csp => false

describe ThingsController do
  describe "headers" do
    before(:each) do
        # Chrome
        request.env['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5'
    end

    it "sets the X-XSS-PROTECTION header" do
      get :index
      response.headers['X-XSS-Protection'].should == SecureHeaders::XXssProtection::Constants::DEFAULT_VALUE
    end

    it "sets the X-FRAME-OPTIONS header" do
      get :index
      response.headers['X-FRAME-OPTIONS'].should == SecureHeaders::XFrameOptions::Constants::DEFAULT_VALUE
    end

    it "sets the X-WebKit-CSP header" do
      get :index
      response.headers['X-WebKit-CSP-Report-Only'].should == nil
    end

    #mock ssl
    it "sets the STRICT-TRANSPORT-SECURITY header" do
      request.env['HTTPS'] = 'on'
      get :index
      response.headers['Strict-Transport-Security'].should == SecureHeaders::StrictTransportSecurity::Constants::DEFAULT_VALUE
    end

    context "using IE" do
      it "sets the X-CONTENT-TYPE-OPTIONS header" do
        request.env['HTTP_USER_AGENT'] = "Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0"
        get :index
        response.headers['X-Content-Type-Options'].should == "nosniff"
      end
    end
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
secure_headers-0.4.3 fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb
secure_headers-0.4.2 fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb
secure_headers-0.4.1 fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb
secure_headers-0.4.0 fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb
secure_headers-0.3.0 fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb
secure_headers-0.2.1 fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb
secure_headers-0.2.0 fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb