Commit 5d7b70f4
Authored Dec 09, 2017 by Guillermo Iguaran
Add secure `X-Download-Options` and `X-Permitted-Cross-Domain-Policies` to default headers set.
Parent: 55d4cf2a

Showing 4 changed files with 15 additions and 4 deletions (+15 -4)

actionpack/CHANGELOG.md +5 -0
actionpack/lib/action_dispatch/railtie.rb +3 -1
actionpack/test/controller/metal_test.rb +1 -1
actionpack/test/dispatch/response_test.rb +6 -2
actionpack/CHANGELOG.md
*
Add secure
`X-Download-Options`
and
`X-Permitted-Cross-Domain-Policies`
to
default headers set.
*Guillermo Iguaran*
*
Add headless firefox support to System Tests.
*
Add headless firefox support to System Tests.
*bogdanvlviv*
*bogdanvlviv*
...
...
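Review bot: the new CHANGELOG entry calls the two headers "secure" but gives neither their values nor their effect. Consider stating the values set in railtie.rb (`X-Download-Options: noopen` and `X-Permitted-Cross-Domain-Policies: none`) and adding one line on how an application removes or overrides them through `config.action_dispatch.default_headers`, since the entry announces a change to the responses of every app that uses the defaults.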
actionpack/lib/action_dispatch/railtie.rb
...
@@ -26,7 +26,9 @@ class Railtie < Rails::Railtie # :nodoc:
...
@@ -26,7 +26,9 @@ class Railtie < Rails::Railtie # :nodoc:
config
.
action_dispatch
.
default_headers
=
{
config
.
action_dispatch
.
default_headers
=
{
"X-Frame-Options"
=>
"SAMEORIGIN"
,
"X-Frame-Options"
=>
"SAMEORIGIN"
,
"X-XSS-Protection"
=>
"1; mode=block"
,
"X-XSS-Protection"
=>
"1; mode=block"
,
"X-Content-Type-Options"
=>
"nosniff"
"X-Content-Type-Options"
=>
"nosniff"
,
"X-Download-Options"
=>
"noopen"
,
"X-Permitted-Cross-Domain-Policies"
=>
"none"
}
}
config
.
action_dispatch
.
cookies_rotations
=
ActiveSupport
::
Messages
::
RotationConfiguration
.
new
config
.
action_dispatch
.
cookies_rotations
=
ActiveSupport
::
Messages
::
RotationConfiguration
.
new
...
...
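Review bot: in the `config.action_dispatch.default_headers` hash the two new entries are added unconditionally, so any application that keeps this default starts sending `X-Permitted-Cross-Domain-Policies: none` and `X-Download-Options: noopen` as soon as it upgrades. `none` tells Flash and Acrobat clients to ignore any cross-domain policy file the site serves, which changes behaviour for apps that publish one on purpose. Applications that assign their own `default_headers` hash replace this one and will not receive the new headers at all. Both cases deserve a sentence in the upgrade notes, including the opt-out of deleting the key from `default_headers`.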
actionpack/test/controller/metal_test.rb
...
@@ -9,7 +9,7 @@ def hello
...
@@ -9,7 +9,7 @@ def hello
end
end
end
end
def
test_response_
has
_default_headers
def
test_response_
does_not_have
_default_headers
original_default_headers
=
ActionDispatch
::
Response
.
default_headers
original_default_headers
=
ActionDispatch
::
Response
.
default_headers
ActionDispatch
::
Response
.
default_headers
=
{
ActionDispatch
::
Response
.
default_headers
=
{
...
...
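Review bot: the rename of `test_response_has_default_headers` to `test_response_does_not_have_default_headers` is the only change in this file (+1 -1) and inverts what the test name promises while the visible body stays the same. If the old name was simply wrong for what the test asserts, say so in the commit message or move the rename to its own commit, because nothing in the visible lines ties it to the two added headers.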
actionpack/test/dispatch/response_test.rb
...
@@ -311,13 +311,15 @@ def test_only_set_charset_still_defaults_to_text_html
...
@@ -311,13 +311,15 @@ def test_only_set_charset_still_defaults_to_text_html
end
end
end
end
test
"read x_frame_options, x_content_type_options
and x_xss_protection
"
do
test
"read x_frame_options, x_content_type_options
, x_xss_protection, x_download_options and x_permitted_cross_domain_policies
"
do
original_default_headers
=
ActionDispatch
::
Response
.
default_headers
original_default_headers
=
ActionDispatch
::
Response
.
default_headers
begin
begin
ActionDispatch
::
Response
.
default_headers
=
{
ActionDispatch
::
Response
.
default_headers
=
{
"X-Frame-Options"
=>
"DENY"
,
"X-Frame-Options"
=>
"DENY"
,
"X-Content-Type-Options"
=>
"nosniff"
,
"X-Content-Type-Options"
=>
"nosniff"
,
"X-XSS-Protection"
=>
"1;"
"X-XSS-Protection"
=>
"1;"
,
"X-Download-Options"
=>
"noopen"
,
"X-Permitted-Cross-Domain-Policies"
=>
"none"
}
}
resp
=
ActionDispatch
::
Response
.
create
.
tap
{
|
response
|
resp
=
ActionDispatch
::
Response
.
create
.
tap
{
|
response
|
response
.
body
=
"Hello"
response
.
body
=
"Hello"
...
@@ -327,6 +329,8 @@ def test_only_set_charset_still_defaults_to_text_html
...
@@ -327,6 +329,8 @@ def test_only_set_charset_still_defaults_to_text_html
assert_equal
(
"DENY"
,
resp
.
headers
[
"X-Frame-Options"
])
assert_equal
(
"DENY"
,
resp
.
headers
[
"X-Frame-Options"
])
assert_equal
(
"nosniff"
,
resp
.
headers
[
"X-Content-Type-Options"
])
assert_equal
(
"nosniff"
,
resp
.
headers
[
"X-Content-Type-Options"
])
assert_equal
(
"1;"
,
resp
.
headers
[
"X-XSS-Protection"
])
assert_equal
(
"1;"
,
resp
.
headers
[
"X-XSS-Protection"
])
assert_equal
(
"noopen"
,
resp
.
headers
[
"X-Download-Options"
])
assert_equal
(
"none"
,
resp
.
headers
[
"X-Permitted-Cross-Domain-Policies"
])
ensure
ensure
ActionDispatch
::
Response
.
default_headers
=
original_default_headers
ActionDispatch
::
Response
.
default_headers
=
original_default_headers
end
end
...
...
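Review bot: the two added assertions read `X-Download-Options` and `X-Permitted-Cross-Domain-Policies` back from a `default_headers` hash that this same test assigns in the preceding hunk, so they verify that `ActionDispatch::Response` passes configured defaults through, not that the railtie now ships these defaults. None of the visible test changes would fail if the two entries were dropped from the hash in railtie.rb. Add a test that loads the default configuration and asserts `noopen` and `none` on a response.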