Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-17 04:52:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

meta

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2023-12-17 12:52:23 -05:00
parent 4b006b37cc
commit 110b867ed5
1 changed files with 40 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
test/meta.js
View File

@@ -2,13 +2,14 @@
const assert = require('assert');
const async = require('async');
const request = require('request');
const nconf = require('nconf');
const db = require('./mocks/databasemock');
const meta = require('../src/meta');
const User = require('../src/user');
const Groups = require('../src/groups');
const request = require('../src/request');
describe('meta', () => {
let fooUid;
@@ -489,117 +490,97 @@ describe('meta', () => {
});
describe('Access-Control-Allow-Origin', () => {
it('Access-Control-Allow-Origin header should be empty', (done) => {
it('Access-Control-Allow-Origin header should be empty', async () => {
const jar = request.jar();
request.get(`${nconf.get('url')}/api/search?term=bug`, {
form: {},
json: true,
const { response } = await request.get(`${nconf.get('url')}/api/search?term=bug`, {
data: {},
validateStatus: null,
jar: jar,
}, (err, response, body) => {
assert.ifError(err);
assert.equal(response.headers['access-control-allow-origin'], undefined);
done();
});
assert.equal(response.headers['access-control-allow-origin'], undefined);
});
it('should set proper Access-Control-Allow-Origin header', (done) => {
it('should set proper Access-Control-Allow-Origin header', async () => {
const jar = request.jar();
const oldValue = meta.config['access-control-allow-origin'];
meta.config['access-control-allow-origin'] = 'test.com, mydomain.com';
request.get(`${nconf.get('url')}/api/search?term=bug`, {
form: {
},
json: true,
const { response } = await request.get(`${nconf.get('url')}/api/search?term=bug`, {
data: { },
jar: jar,
headers: {
origin: 'mydomain.com',
},
}, (err, response, body) => {
assert.ifError(err);
assert.equal(response.headers['access-control-allow-origin'], 'mydomain.com');
meta.config['access-control-allow-origin'] = oldValue;
done(err);
validateStatus: null,
});
assert.equal(response.headers['access-control-allow-origin'], 'mydomain.com');
meta.config['access-control-allow-origin'] = oldValue;
});
it('Access-Control-Allow-Origin header should be empty if origin does not match', (done) => {
it('Access-Control-Allow-Origin header should be empty if origin does not match', async () => {
const jar = request.jar();
const oldValue = meta.config['access-control-allow-origin'];
meta.config['access-control-allow-origin'] = 'test.com, mydomain.com';
request.get(`${nconf.get('url')}/api/search?term=bug`, {
form: {
},
json: true,
const { response } = await request.get(`${nconf.get('url')}/api/search?term=bug`, {
data: {},
jar: jar,
headers: {
origin: 'notallowed.com',
},
}, (err, response, body) => {
assert.ifError(err);
assert.equal(response.headers['access-control-allow-origin'], undefined);
meta.config['access-control-allow-origin'] = oldValue;
done(err);
validateStatus: null,
});
assert.equal(response.headers['access-control-allow-origin'], undefined);
meta.config['access-control-allow-origin'] = oldValue;
});
it('should set proper Access-Control-Allow-Origin header', (done) => {
it('should set proper Access-Control-Allow-Origin header', async () => {
const jar = request.jar();
const oldValue = meta.config['access-control-allow-origin-regex'];
meta.config['access-control-allow-origin-regex'] = 'match\\.this\\..+\\.domain.com, mydomain\\.com';
request.get(`${nconf.get('url')}/api/search?term=bug`, {
form: {
},
json: true,
const { response } = await request.get(`${nconf.get('url')}/api/search?term=bug`, {
data: {},
jar: jar,
headers: {
origin: 'match.this.anything123.domain.com',
},
}, (err, response, body) => {
assert.ifError(err);
assert.equal(response.headers['access-control-allow-origin'], 'match.this.anything123.domain.com');
meta.config['access-control-allow-origin-regex'] = oldValue;
done(err);
validateStatus: null,
});
assert.equal(response.headers['access-control-allow-origin'], 'match.this.anything123.domain.com');
meta.config['access-control-allow-origin-regex'] = oldValue;
});
it('Access-Control-Allow-Origin header should be empty if origin does not match', (done) => {
it('Access-Control-Allow-Origin header should be empty if origin does not match', async () => {
const jar = request.jar();
const oldValue = meta.config['access-control-allow-origin-regex'];
meta.config['access-control-allow-origin-regex'] = 'match\\.this\\..+\\.domain.com, mydomain\\.com';
request.get(`${nconf.get('url')}/api/search?term=bug`, {
form: {
},
json: true,
const { response } = await request.get(`${nconf.get('url')}/api/search?term=bug`, {
data: {},
jar: jar,
headers: {
origin: 'notallowed.com',
},
}, (err, response, body) => {
assert.ifError(err);
assert.equal(response.headers['access-control-allow-origin'], undefined);
meta.config['access-control-allow-origin-regex'] = oldValue;
done(err);
validateStatus: null,
});
assert.equal(response.headers['access-control-allow-origin'], undefined);
meta.config['access-control-allow-origin-regex'] = oldValue;
});
it('should not error with invalid regexp', (done) => {
it('should not error with invalid regexp', async () => {
const jar = request.jar();
const oldValue = meta.config['access-control-allow-origin-regex'];
meta.config['access-control-allow-origin-regex'] = '[match\\.this\\..+\\.domain.com, mydomain\\.com';
request.get(`${nconf.get('url')}/api/search?term=bug`, {
form: {
},
json: true,
const { response } = await request.get(`${nconf.get('url')}/api/search?term=bug`, {
data: { },
jar: jar,
headers: {
origin: 'mydomain.com',
},
}, (err, response, body) => {
assert.ifError(err);
assert.equal(response.headers['access-control-allow-origin'], 'mydomain.com');
meta.config['access-control-allow-origin-regex'] = oldValue;
done(err);
validateStatus: null,
});
assert.equal(response.headers['access-control-allow-origin'], 'mydomain.com');
meta.config['access-control-allow-origin-regex'] = oldValue;
});
});