grecia/spec/controllers/pages_controller_spec.rb
Javi Martín d90efa15e4 Fix InvalidCrossOriginRequest response
When requesting files like `/hackattempt.js`, the pages controller was
responding with 404 status code.

However, since the request was considered a JavaScript request (because
of the `.js` extension), the response was also considered to be a
JavaScript one, and since the request wasn't an AJAX request, our
protection from forgery was preventing a potential security issue by
raising an InvalidCrossOriginRequest exception.

By setting HTML as content type, we correctly respond with a 404 status
code.

More info:

https://die-antwort.eu/techblog/2018-08-avoid-invalid-cross-origin-request-with-catch-all-route/
2019-04-25 20:48:38 +02:00


require "rails_helper"
# Controller spec for PagesController#show.
#
# Known page ids must render successfully. Unknown ids must answer with a
# 404, including ids that carry a ".js" extension.
describe PagesController do
  describe "Static pages" do
    # One example per static page; the example names are generated from the id.
    %i[privacy conditions accessibility].each do |page_id|
      it "includes a #{page_id} page" do
        get :show, params: { id: page_id }

        expect(response).to be_ok
      end
    end
  end

  describe "More info pages" do
    # Example label => id passed to the show action.
    more_info_pages = {
      "more info" => "help/index",
      "how_to_use" => "help/how_to_use/index",
      "faq" => :faq
    }

    more_info_pages.each do |label, page_id|
      it "includes a #{label} page" do
        get :show, params: { id: page_id }

        expect(response).to be_ok
      end
    end
  end

  describe "Not found pages" do
    it "returns a 404 message" do
      missing_id = "nonExistentPage"

      get :show, params: { id: missing_id }

      expect(response).to be_missing
    end

    # Regression guard for the case described in the commit that added this
    # example: a request for a missing ".js" path was answered as JavaScript,
    # and because it was not an AJAX request the forgery protection raised
    # InvalidCrossOriginRequest instead of letting the 404 through.
    # If that exception came back, the `get` call below would raise and this
    # example would fail before reaching the expectation.
    # NOTE(review): only the status is asserted here; the fix is described as
    # setting an HTML content type, so asserting that as well would pin it.
    it "returns a 404 message for a JavaScript request" do
      missing_script_id = "nonExistentJavaScript.js"

      get :show, params: { id: missing_script_id }

      expect(response).to be_missing
    end
  end
end