Merge pull request #1642 from takeshi-yashiro/fix-broken-origin-white…

…list Fix broken origin_whitelist option #1641
sinatra · Sep 25, 2020 · eebec27 · eebec27
2 parents 6d06e49 + d783aa7
commit eebec27
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/rack-protection/lib/rack/protection/http_origin.rb b/rack-protection/lib/rack/protection/http_origin.rb
@@ -34,7 +34,7 @@ def accepts?(env)
         return true if options[:allow_if] && options[:allow_if].call(env)
 
         if options.key? :origin_whitelist
-          warn "Rack::Protection origin_whitelist option is deprecated and will be removed, " \
+          warn env, "Rack::Protection origin_whitelist option is deprecated and will be removed, " \
             "use permitted_origins instead.\n"
         end
 

diff --git a/rack-protection/spec/lib/rack/protection/http_origin_spec.rb b/rack-protection/spec/lib/rack/protection/http_origin_spec.rb
@@ -35,12 +35,20 @@
       expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).not_to be_ok
     end
 
-    it "accepts #{method} requests with whitelisted Origin" do
+    it "accepts #{method} requests with permitted Origin" do
       mock_app do
         use Rack::Protection::HttpOrigin, permitted_origins: ['http://www.friend.com']
         run DummyApp
       end
       expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
     end
+
+    it "accepts #{method} requests with whitelisted Origin" do
+      mock_app do
+        use Rack::Protection::HttpOrigin, origin_whitelist: ['http://www.friend.com']
+        run DummyApp
+      end
+      expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
+    end
   end
 end