test/spec_request.rb in rack-2.0.5 vs test/spec_request.rb in rack-2.0.6
@@ -570,9 +570,14 @@
request = make_request(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_PROTO' => 'https, http, http'))
request.scheme.must_equal "https"
request.must_be :ssl?
end
+ it "prevents scheme abuse" do
+ request = make_request(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_SCHEME' => 'a."><script>alert(1)</script>'))
+ request.scheme.must_equal 'http'
+ end
+
it "parse cookies" do
req = make_request \
Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=bar;quux=h&m")
req.cookies.must_equal "foo" => "bar", "quux" => "h&m"
req.cookies.must_equal "foo" => "bar", "quux" => "h&m"
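Review bot: The new "prevents scheme abuse" case only exercises `HTTP_X_FORWARDED_SCHEME`, while the neighbouring case on the lines above shows `HTTP_X_FORWARDED_PROTO` feeding the same `scheme` value (including as a comma-separated list), so a malformed proto header is left unasserted by this hunk. I would add, inside the same `it` block, `request = make_request(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_PROTO' => 'a."><script>alert(1)</script>'))` and `request.scheme.must_equal 'http'`, plus a list form such as `'HTTP_X_FORWARDED_PROTO' => 'a."><script>alert(1)</script>, https'` to pin that the first element is still validated rather than taken verbatim. Whether the implementation in lib/rack/request.rb rejects those inputs cannot be confirmed from this hunk, which is exactly why the test should state it; if it does not, the fix is incomplete and the new assertion will show that.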