Sha256: 83c4e81d18ba1503b69f6f4a85616089b886c2d6bd387b921ef1f116a4f58a7e

Contents?: true

Size: 1.2 KB

Versions: 3

Compression:

Stored size: 1.2 KB

Contents

# frozen_string_literal: true

RSpec.describe "X-Frame-Options header", type: :integration do
  it "returns default value" do
    with_project do
      generate "action web home#index --url=/"

      server do
        get "/"

        expect(last_response.status).to                     eq(200)
        expect(last_response.headers["X-Frame-Options"]).to eq("DENY")
      end
    end
  end

  it "returns custom value" do
    with_project do
      generate "action web home#index --url=/"

      replace "apps/web/app.rb", "security.x_frame_options 'DENY'", "security.x_frame_options 'ALLOW-FROM https://example.test/'"

      server do
        get "/"

        expect(last_response.status).to                     eq(200)
        expect(last_response.headers["X-Frame-Options"]).to eq("ALLOW-FROM https://example.test/")
      end
    end
  end

  it "doesn't send header if setting is removed" do
    with_project do
      generate "action web home#index --url=/"

      replace "apps/web/app.rb", "security.x_frame_options 'DENY'", ""

      server do
        get "/"

        expect(last_response.status).to      eq(200)
        expect(last_response.headers).to_not have_key("X-Frame-Options")
      end
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
hanami-2.0.0.beta2 spec/integration/security/x_frame_options_spec.rb
hanami-2.0.0.beta1.1 spec/integration/security/x_frame_options_spec.rb
hanami-2.0.0.beta1 spec/integration/security/x_frame_options_spec.rb