From robertkowal...@apache.org
Subject [1/2] fauxton commit: updated refs/heads/master to c5c6f1c
Date Tue, 17 Nov 2015 14:15:49 GMT
Repository: couchdb-fauxton
Updated Branches:
  refs/heads/master 2bd911539 -> c5c6f1c21


fix cors validation for hosts with no tld

 - allow ips and things like: http://localhost:3000
 - normalize urls in case a path is given by removing the path

note:

in general the validation should be done in the backend as single
source of truth so that api users and fauxton users get the same
results and also the interfaces are consistent.

PR: #576
PR-URL: https://github.com/apache/couchdb-fauxton/pull/576
Reviewed-By: Benjamin Keen <ben.keen@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/8588ef7c
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/8588ef7c
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/8588ef7c

Branch: refs/heads/master
Commit: 8588ef7cc55bfa7a02664d6f6670275c986bb63a
Parents: 2bd9115
Author: Robert Kowalski <robertkowalski@apache.org>
Authored: Mon Nov 16 14:40:30 2015 +0100
Committer: Robert Kowalski <robertkowalski@apache.org>
Committed: Mon Nov 16 17:34:17 2015 +0100

----------------------------------------------------------------------
 app/addons/cors/components.react.jsx           |  6 ++++--
 app/addons/cors/resources.js                   | 16 +++++++++++++---
 app/addons/cors/tests/componentsSpec.react.jsx |  4 ++--
 app/addons/cors/tests/resourcesSpec.js         | 19 ++++++++++++++-----
 4 files changed, 33 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/8588ef7c/app/addons/cors/components.react.jsx
----------------------------------------------------------------------
diff --git a/app/addons/cors/components.react.jsx b/app/addons/cors/components.react.jsx
index fb9f655..37579eb 100644
--- a/app/addons/cors/components.react.jsx
+++ b/app/addons/cors/components.react.jsx
@@ -22,7 +22,7 @@ define([
   var validateOrigin = function (origin) {
     if (!Resources.validateCORSDomain(origin)) {
       FauxtonAPI.addNotification({
-        msg: 'Please enter a valid domain, starting with http/https and only containing the
domain (not a subfolder).',
+        msg: 'Please enter a valid domain, starting with http/https.',
         type: 'error',
         clear: true
       });
@@ -157,7 +157,9 @@ define([
         return;
       }
 
-      this.props.addOrigin(this.state.origin);
+      var url = Resources.normalizeUrls(this.state.origin);
+
+      this.props.addOrigin(url);
       this.setState({origin: ''});
     },
 

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/8588ef7c/app/addons/cors/resources.js
----------------------------------------------------------------------
diff --git a/app/addons/cors/resources.js b/app/addons/cors/resources.js
index a22cfc8..ed314a9 100644
--- a/app/addons/cors/resources.js
+++ b/app/addons/cors/resources.js
@@ -95,10 +95,20 @@ function (app, FauxtonAPI) {
 
   });
 
-  // simple helper function to validate the user entered a valid domain starting with http(s),
optional port and
-  // doesn't include a subfolder
+  // simple helper function to validate the user entered a valid domain starting with http(s)
   CORS.validateCORSDomain = function (str) {
-    return (/^https?:\/\/[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+(:\d{2,5})?$/).test(str);
+    return (/^https?:\/\/(.*)(:\d{2,5})?$/).test(str);
+  };
+
+  CORS.normalizeUrls = function (url) {
+    var el = document.createElement('a');
+    el.href = url;
+
+    if (/:/.test(url)) {
+      return el.protocol + '//' + el.host;
+    }
+
+    return el.protocol + '//' + el.hostname;
   };
 
   return CORS;
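Review bot: The new pattern in `validateCORSDomain` accepts any string that begins with `http://` or `https://`, because `(.*)` is greedy and the port group is optional, so an empty host, embedded whitespace or commas all pass and the port check no longer constrains anything. Since these values end up in a CORS origin allow-list, I would keep a host character class while still permitting single-label hosts, IPs and a trailing path, e.g. `return (/^https?:\/\/[a-zA-Z0-9\-\.]+(:\d{2,5})?(\/.*)?$/).test(str);`. In `normalizeUrls`, `/:/.test(url)` always matches the colon of the scheme, so the `el.hostname` branch is unreachable for any validated input; if the intent was to detect an explicit port, test `el.port` instead, and note that a scheme-less string would be resolved by the anchor element against the current page. The call site in components.react.jsx stores the normalized value without re-checking it, and the negative list in resourcesSpec.js now covers only a missing or wrong scheme, so cases such as `'http://'` and `'http://foo bar'` would be worth adding there.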

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/8588ef7c/app/addons/cors/tests/componentsSpec.react.jsx
----------------------------------------------------------------------
diff --git a/app/addons/cors/tests/componentsSpec.react.jsx b/app/addons/cors/tests/componentsSpec.react.jsx
index b725085..c2f3cdd 100644
--- a/app/addons/cors/tests/componentsSpec.react.jsx
+++ b/app/addons/cors/tests/componentsSpec.react.jsx
@@ -97,9 +97,9 @@ define([
       });
 
       afterEach(function () {
-        Resources.validateCORSDomain.restore && Resources.validateCORSDomain.restore();
+        utils.restore(Resources.validateCORSDomain);
+        utils.restore(FauxtonAPI.addNotification);
         React.unmountComponentAtNode(container);
-        FauxtonAPI.addNotification.restore && FauxtonAPI.addNotification.restore();
       });
 
       it('calls validates each domain', function () {

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/8588ef7c/app/addons/cors/tests/resourcesSpec.js
----------------------------------------------------------------------
diff --git a/app/addons/cors/tests/resourcesSpec.js b/app/addons/cors/tests/resourcesSpec.js
index 9690652..668bce6 100644
--- a/app/addons/cors/tests/resourcesSpec.js
+++ b/app/addons/cors/tests/resourcesSpec.js
@@ -46,24 +46,33 @@ define([
         'http://something.com',
         'https://a.ca',
         'https://something.com:8000',
-        'https://www.some-valid-domain.com:80'
+        'https://www.some-valid-domain.com:80',
+        'http://localhost',
+        'https://localhost',
+        'http://192.168.1.113',
+        'http://192.168.1.113:1337'
       ];
       _.each(urls, function (url) {
         assert.isTrue(CORS.validateCORSDomain(url));
       });
     });
 
-    it('fails on invalid domains', function () {
+    it('fails on non http/https domains', function () {
       var urls = [
         'whoahnellythisaintright',
-        'http://something',
-        'ftp://site.com',
-        'https://this.has/subfolder'
+        'ftp://site.com'
       ];
       _.each(urls, function (url) {
         assert.isFalse(CORS.validateCORSDomain(url));
       });
     });
 
+    it('normalizes common cases, like accidentally added subfolders', function () {
+      assert.equal('https://foo.com', CORS.normalizeUrls('https://foo.com/blerg'));
+      assert.equal('https://192.168.1.113', CORS.normalizeUrls('https://192.168.1.113/blerg'));
+      assert.equal('https://foo.com:1337', CORS.normalizeUrls('https://foo.com:1337/blerg'));
+      assert.equal('https://foo.com', CORS.normalizeUrls('https://foo.com'));
+    });
+
   });
 });

