Sha256: 4b0d0855eff4a7d55b19b95834dbcefd59ac8f9c6e2e9c03c7667fa216b58310

Contents?: true

Size: 1.17 KB

Versions: 3

Compression:

Stored size: 1.17 KB

Contents

# frozen_string_literal: true

RSpec.describe "X-XSS-Protection header", type: :integration do
  it "returns default value" do
    with_project do
      generate "action web home#index --url=/"

      server do
        get "/"

        expect(last_response.status).to                      eq(200)
        expect(last_response.headers["X-XSS-Protection"]).to eq("1; mode=block")
      end
    end
  end

  it "returns custom value" do
    with_project do
      generate "action web home#index --url=/"

      replace "apps/web/app.rb", "security.x_xss_protection '1; mode=block'", "security.x_xss_protection '0'"

      server do
        get "/"

        expect(last_response.status).to                      eq(200)
        expect(last_response.headers["X-XSS-Protection"]).to eq("0")
      end
    end
  end

  it "doesn't send header if setting is removed" do
    with_project do
      generate "action web home#index --url=/"

      replace "apps/web/app.rb", "security.x_xss_protection '1; mode=block'", ""

      server do
        get "/"

        expect(last_response.status).to      eq(200)
        expect(last_response.headers).to_not have_key("X-XSS-Protection")
      end
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
hanami-2.0.0.beta2 spec/integration/security/x_xss_protection_spec.rb
hanami-2.0.0.beta1.1 spec/integration/security/x_xss_protection_spec.rb
hanami-2.0.0.beta1 spec/integration/security/x_xss_protection_spec.rb