File _service:tar_scm:CVE-2024-28103-test.patch of Package rubygem-actionpack
diff --git a/actionpack/test/dispatch/permissions_policy_test.rb b/actionpack/test/dispatch/permissions_policy_test.rb
index 030e37942bd0e..533b59a55094d 100644
--- a/actionpack/test/dispatch/permissions_policy_test.rb
+++ b/actionpack/test/dispatch/permissions_policy_test.rb
@@ -41,6 +41,57 @@ def test_invalid_directive_source
 end
 end
 
+class PermissionsPolicyMiddlewareTest < ActionDispatch::IntegrationTest
+ APP = ->(env) { [200, {}, []] }
+
+ POLICY = ActionDispatch::PermissionsPolicy.new do |p|
+ p.gyroscope :self
+ end
+
+ class PolicyConfigMiddleware
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ env["action_dispatch.permissions_policy"] = POLICY
+ env["action_dispatch.show_exceptions"] = :none
+
+ @app.call(env)
+ end
+ end
+
+ test "html requests will set a policy" do
+ @app = build_app(->(env) { [200, { Rack::CONTENT_TYPE => "text/html" }, []] })
+ # Dummy CONTENT_TYPE to avoid including backport of the following commit in
+ # a security-related patch:
+ # https://github.com/rails/rails/commit/060887d4c55a8b4038dd4662712007d07e74e625
+ get "/index", headers: { Rack::CONTENT_TYPE => 'cant/be-nil' }
+
+ assert_equal "text/html", response.headers['Content-Type']
+ assert_equal "gyroscope 'self'", response.headers['Feature-Policy']
+ end
+
+ test "non-html requests will set a policy" do
+ @app = build_app(->(env) { [200, { Rack::CONTENT_TYPE => "application/json" }, []] })
+ get "/index", headers: { Rack::CONTENT_TYPE => 'cant/be-nil' }
+
+ assert_equal "application/json", response.headers['Content-Type']
+ assert_equal "gyroscope 'self'", response.headers['Feature-Policy']
+ end
+
+ private
+ def build_app(app)
+ PolicyConfigMiddleware.new(
+ Rack::Lint.new(
+ ActionDispatch::PermissionsPolicy::Middleware.new(
+ Rack::Lint.new(app),
+ ),
+ ),
+ )
+ end
+end
+
 class PermissionsPolicyIntegrationTest < ActionDispatch::IntegrationTest
 class PolicyController < ActionController::Base
 permissions_policy only: :index do |f|
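Review bot: `APP = ->(env) { [200, {}, []] }` at the top of PermissionsPolicyMiddlewareTest is never referenced; both tests pass their own lambda with an explicit response Content-Type to `build_app`. Either drop the constant or use it, `@app = build_app(APP)`, in a third test that pins what the middleware does for a response carrying no Content-Type at all, which the two existing tests leave open (first confirm that Rack::Lint in the packaged Rack version accepts such a response). The "non-html requests will set a policy" test is presumably the regression test for CVE-2024-28103, so a one-line comment such as `# Regression: the policy header must not depend on the response Content-Type` would protect it from being pruned later. The second `get` also reuses the `'cant/be-nil'` dummy request header without the explanatory comment that the first test carries.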