From d82ff9a66a9d13794bdf96eacb984e1b4dade559 Mon Sep 17 00:00:00 2001
From: Nicole Rifkin
Date: Wed, 20 Nov 2019 09:24:24 -0500
Subject: [PATCH] clean up insecure_dor_spec
---
 spec/vulnerabilities/insecure_dor_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/vulnerabilities/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb
index 5d842e8..50e5854 100644
--- a/spec/vulnerabilities/insecure_dor_spec.rb
+++ b/spec/vulnerabilities/insecure_dor_spec.rb
@@ -18,7 +18,7 @@ feature "insecure direct object reference" do
 visit download_url.sub(/name=(.*?)&/, "name=config/database.yml&")
 expect(page.status_code).not_to eq(200)
- expect(page.response_headers["Content-Disposition"]).not_to include("database.yml")
+ expect(page.response_headers["Content-Disposition"].to_a).not_to include("database.yml")
 end
 scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do
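Review bot: The new `.to_a` on the Content-Disposition expectation weakens the check it is meant to clean up. It makes a missing header safe (`nil.to_a` is `[]`), but when the header is present it is presumably a String, which has no `to_a` in Ruby 1.9 and later, so the spec would error rather than fail cleanly; and against an Array, `include("database.yml")` tests for an element equal to that string rather than a substring, so a value like `attachment; filename="database.yml"` would not be caught. `expect(page.response_headers["Content-Disposition"].to_s).not_to include("database.yml")` keeps the nil case safe and preserves the substring match. The scenario body starts above the hunk.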