SECURITY: Don't reuse CSP nonce between anonymous requests

2025-06-05 14:07:30 +08:00 · 2023-07-28 12:53:44 +01:00
parent 672f3e7e41
commit 0976c8fad6
15 changed files with 105 additions and 22 deletions
--- a/spec/lib/middleware/anonymous_cache_spec.rb
+++ b/spec/lib/middleware/anonymous_cache_spec.rb
@ -3,6 +3,8 @@
 RSpec.describe Middleware::AnonymousCache do
  let(:middleware) { Middleware::AnonymousCache.new(lambda { |_| [200, {}, []] }) }

+  before { Middleware::AnonymousCache.enable_anon_cache }
+
  def env(opts = {})
    create_request_env(path: opts.delete(:path) || "http://test.com/path?bla=1").merge(opts)
  end
--- a/spec/lib/middleware/request_tracker_spec.rb
+++ b/spec/lib/middleware/request_tracker_spec.rb
@ -677,6 +677,8 @@ RSpec.describe Middleware::RequestTracker do
    after { Middleware::RequestTracker.unregister_detailed_request_logger(logger) }

    it "can report data from anon cache" do
+      Middleware::AnonymousCache.enable_anon_cache
+
      cache = Middleware::AnonymousCache.new(app([200, {}, ["i am a thing"]]))
      tracker = Middleware::RequestTracker.new(cache)