Ensure that redirect_back with fallback_location to another host …

…is allowed I would like to add those tests to prevent regression.
albertoalmagro · Jan 25, 2019 · 5fc9c4f · 5fc9c4f
1 parent 1feceba
commit 5fc9c4f
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
@@ -68,10 +68,18 @@ def redirect_back_with_status
     redirect_back(fallback_location: "/things/stuff", status: 307)
   end
 
+  def redirect_back_with_status_and_fallback_location_to_another_host
+    redirect_back(fallback_location: "http://www.rubyonrails.org/", status: 307)
+  end
+
   def safe_redirect_back_with_status
     redirect_back(fallback_location: "/things/stuff", status: 307, allow_other_host: false)
   end
 
+  def safe_redirect_back_with_status_and_fallback_location_to_another_host
+    redirect_back(fallback_location: "http://www.rubyonrails.org/", status: 307, allow_other_host: false)
+  end
+
   def host_redirect
     redirect_to action: "other_host", only_path: false, host: "other.test.host"
   end
@@ -280,6 +288,13 @@ def test_redirect_back_with_no_referer
     assert_equal "http://test.host/things/stuff", redirect_to_url
   end
 
+  def test_redirect_back_with_no_referer_redirects_to_another_host
+    get :redirect_back_with_status_and_fallback_location_to_another_host
+
+    assert_response 307
+    assert_equal "http://www.rubyonrails.org/", redirect_to_url
+  end
+
   def test_safe_redirect_back_from_other_host
     @request.env["HTTP_REFERER"] = "http://another.host/coming/from"
     get :safe_redirect_back_with_status
@@ -297,6 +312,20 @@ def test_safe_redirect_back_from_the_same_host
     assert_equal referer, redirect_to_url
   end
 
+  def test_safe_redirect_back_with_no_referer
+    get :safe_redirect_back_with_status
+
+    assert_response 307
+    assert_equal "http://test.host/things/stuff", redirect_to_url
+  end
+
+  def test_safe_redirect_back_with_no_referer_redirects_to_another_host
+    get :safe_redirect_back_with_status_and_fallback_location_to_another_host
+
+    assert_response 307
+    assert_equal "http://www.rubyonrails.org/", redirect_to_url
+  end
+
   def test_redirect_to_record
     with_routing do |set|
       set.draw do