From ec400a537a0947796e108f3593721289661b49dc Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Fri, 7 Jan 2011 10:14:46 -0800 Subject: http_response: do not skip Status header set by app Rack::Lint already stops apps from using it. If a developer insists on it, then users who inspect their HTTP headers can point and laugh at them for not using Rack::Lint! --- lib/unicorn/http_response.rb | 2 +- test/unit/test_response.rb | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/lib/unicorn/http_response.rb b/lib/unicorn/http_response.rb index 62b3ee9..03d3179 100644 --- a/lib/unicorn/http_response.rb +++ b/lib/unicorn/http_response.rb @@ -26,7 +26,7 @@ module Unicorn::HttpResponse "Status: #{status}\r\n" \ "Connection: close\r\n" headers.each do |key, value| - next if %r{\A(?:Date\z|Status\z|Connection\z)}i =~ key + next if %r{\A(?:Date\z|Connection\z)}i =~ key if value =~ /\n/ # avoiding blank, key-only cookies with /\n+/ buf << value.split(/\n+/).map! { |v| "#{key}: #{v}\r\n" }.join diff --git a/test/unit/test_response.rb b/test/unit/test_response.rb index c3d9baf..fb6edef 100644 --- a/test/unit/test_response.rb +++ b/test/unit/test_response.rb @@ -73,18 +73,6 @@ class ResponseTest < Test::Unit::TestCase assert_equal 1, out.string.split(/\r\n/).grep(/^Status: 200 OK/i).size end - # we always favor the code returned by the application, since "Status" - # in the header hash is not allowed by Rack (but not every app is - # fully Rack-compliant). - def test_status_header_ignores_app_hash - out = StringIO.new - header_hash = {"X-Whatever" => "stuff", 'StaTus' => "666" } - http_response_write(out,200, header_hash, []) - assert ! out.closed? - assert_equal 1, out.string.split(/\r\n/).grep(/^Status: 200 OK/i).size - assert_equal 1, out.string.split(/\r\n/).grep(/^Status:/i).size - end - def test_body_closed expect_body = %w(1 2 3 4).join("\n") body = StringIO.new(expect_body) -- cgit v1.2.3-24-ge0c7