diff options
author | Azul <azul@riseup.net> | 2017-03-17 16:33:32 +0100 |
---|---|---|
committer | Azul <azul@riseup.net> | 2017-03-20 09:01:14 +0100 |
commit | 74eb83587dd9c2e566e053cc0d33bb7aff517f01 (patch) | |
tree | 61d36ef66310be7bd4f79cf88fec12bee63f61c7 /test/integration | |
parent | 1a69dc86077e5bbde4b6a8f181e5711384c1f253 (diff) |
bugfix: format: html for home roots
That's the only thing the controller handles meaningful.
Before the route would also catch anything that started with a . interpreting
it as a format string. This lead to lots of false positives in our security
scanner.
Diffstat (limited to 'test/integration')
-rw-r--r-- | test/integration/routes/no_route_test.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/test/integration/routes/no_route_test.rb b/test/integration/routes/no_route_test.rb new file mode 100644 index 0000000..a570f85 --- /dev/null +++ b/test/integration/routes/no_route_test.rb @@ -0,0 +1,17 @@ +require 'test_helper' + +class NoRouteTest < ActionDispatch::IntegrationTest + + def test_path_with_dot + assert_no_route '.viminfo' + end + + def assert_no_route(path, options = {}) + options[:method] ||= :get + path = "/#{path}" unless path.first == "/" + params = @routes.recognize_path(path, method: :get) + flunk "Expected no route to '#{path}' but found: #{params.inspect}" + rescue ActionController::RoutingError + pass + end +end |