class MetalControllerInstanceTests

Public Instance Methods

test_response_has_default_headers() click to toggle source
# File actionpack/test/controller/metal_test.rb, line 12
def test_response_has_default_headers
  original_default_headers = ActionDispatch::Response.default_headers

  ActionDispatch::Response.default_headers = {
    "X-Frame-Options" => "DENY",
    "X-Content-Type-Options" => "nosniff",
    "X-XSS-Protection" => "1;"
  }

  response_headers = SimpleController.action("hello").call(
    "REQUEST_METHOD" => "GET",
    "rack.input" => -> {}
  )[1]

  refute response_headers.key?("X-Frame-Options")
  refute response_headers.key?("X-Content-Type-Options")
  refute response_headers.key?("X-XSS-Protection")
ensure
  ActionDispatch::Response.default_headers = original_default_headers
end