Merge pull request #267 from castle/CAS-12693/do-not-pass-non-string-…

…header-values

Filter out non string header values

gemfiles/rails_7.gemfile

@@ -5,7 +5,7 @@
 source 'https://rubygems.org'
 
 gem 'rack'
-gem 'rails', '~> 7.0'
+gem 'rails', '~> 7.1'
 gem 'rake'
 
 group :development, :test do

lib/castle/headers/filter.rb

@@ -31,7 +31,7 @@ def call
             next unless header_name.match(VALUABLE_HEADERS)
 
             formatted_name = @header_format.call(header_name)
-            acc[formatted_name] = @request_env[header_name]
+            acc[formatted_name] = @request_env[header_name].to_s
           end
       end
     end

spec/integration/rails/support/application.rb

@@ -3,8 +3,8 @@
 require 'action_controller/railtie'
 
 class TestApp < Rails::Application
-  secrets.secret_token = 'secret_token'
-  secrets.secret_key_base = 'secret_key_base'
+  credentials.secret_token = 'secret_token'
+  credentials.secret_key_base = 'secret_key_base'
 
   config.logger = Logger.new($stdout)
   Rails.logger = config.logger

spec/lib/castle/headers/filter_spec.rb

@@ -15,7 +15,8 @@
         'HTTP_USER_AGENT' => 'Mozilla 1234',
         'TEST' => '1',
         'REMOTE_ADDR' => '1.2.3.4',
-        'HTTP_CONTENT_LENGTH' => '0'
+        'HTTP_CONTENT_LENGTH' => '0',
+        'http_accept_language.parser' => -> { 'noop' }
       )
     result[:HTTP_OK] = 'OK'
     result
@@ -29,12 +30,13 @@
       'Ok' => 'OK',
       'User-Agent' => 'Mozilla 1234',
       'Remote-Addr' => '1.2.3.4',
-      'X-Forwarded-For' => '1.2.3.4'
+      'X-Forwarded-For' => '1.2.3.4',
+      'Accept-Language.parser' => start_with('#<Proc')
     }
   end
   let(:request) { Rack::Request.new(env) }
 
   context 'with list of header' do
-    it { expect(filter_call).to eq(filtered) }
+    it { expect(filter_call).to match(filtered) }
   end
 end