RubygemsResearch

Sha256: 308d7564a11c5762917feb8003f4dd742d596cab1b17874f9922782b0787784f

Contents?: true

Size: 1.41 KB

Versions: 56

Compression:

Stored size: 1.41 KB

require File.expand_path('../spec_helper.rb', __FILE__)

describe Rack::Protection::SessionHijacking do
  it_behaves_like "any rack application"

  it "accepts a session without changes to tracked parameters" do
    session = {:foo => :bar}
    get '/', {}, 'rack.session' => session
    get '/', {}, 'rack.session' => session
    session[:foo].should == :bar
  end

  it "denies requests with a changing User-Agent header" do
    session = {:foo => :bar}
    get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'a'
    get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'b'
    session.should be_empty
  end

  it "denies requests with a changing Accept-Encoding header" do
    session = {:foo => :bar}
    get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'a'
    get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'b'
    session.should be_empty
  end

  it "denies requests with a changing Accept-Language header" do
    session = {:foo => :bar}
    get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
    get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'b'
    session.should be_empty
  end

  it "accepts requests with a changing Version header"do
    session = {:foo => :bar}
    get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'
    get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.1'
    session[:foo].should == :bar
  end
end

Version data entries

56 entries across 56 versions & 4 rubygems

Version	Path
classiccms-0.7.5	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.7.4	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.7.3	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.7.2	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.7.1	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.7.0	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.9	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.8	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.7	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.6	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.5	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.4	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.3	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.2	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.1	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.6.0	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.5.17	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.5.16	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.5.15	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb
classiccms-0.5.14	vendor/bundle/gems/rack-protection-1.2.0/spec/session_hijacking_spec.rb