Posted to commits@couchdb.apache.org by ro...@apache.org on 2015/11/17 15:15:49 UTC

[1/2] fauxton commit: updated refs/heads/master to c5c6f1c

Repository: couchdb-fauxton
Updated Branches:
  refs/heads/master 2bd911539 -> c5c6f1c21


fix cors validation for hosts with no tld

 - allow ips and things like: http://localhost:3000
 - normalize urls in case a path is given by removing the path

note:

in general the validation should be done in the backend as single
source of truth so that api users and fauxton users get the same
results and also the interfaces are consistent.

PR: #576
PR-URL: https://github.com/apache/couchdb-fauxton/pull/576
Reviewed-By: Benjamin Keen <be...@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/8588ef7c
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/8588ef7c
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/8588ef7c

Branch: refs/heads/master
Commit: 8588ef7cc55bfa7a02664d6f6670275c986bb63a
Parents: 2bd9115
Author: Robert Kowalski <ro...@apache.org>
Authored: Mon Nov 16 14:40:30 2015 +0100
Committer: Robert Kowalski <ro...@apache.org>
Committed: Mon Nov 16 17:34:17 2015 +0100

----------------------------------------------------------------------
 app/addons/cors/components.react.jsx           |  6 ++++--
 app/addons/cors/resources.js                   | 16 +++++++++++++---
 app/addons/cors/tests/componentsSpec.react.jsx |  4 ++--
 app/addons/cors/tests/resourcesSpec.js         | 19 ++++++++++++++-----
 4 files changed, 33 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/8588ef7c/app/addons/cors/components.react.jsx
----------------------------------------------------------------------
diff --git a/app/addons/cors/components.react.jsx b/app/addons/cors/components.react.jsx
index fb9f655..37579eb 100644
--- a/app/addons/cors/components.react.jsx
+++ b/app/addons/cors/components.react.jsx
@@ -22,7 +22,7 @@ define([
   var validateOrigin = function (origin) {
     if (!Resources.validateCORSDomain(origin)) {
       FauxtonAPI.addNotification({
-        msg: 'Please enter a valid domain, starting with http/https and only containing the domain (not a subfolder).',
+        msg: 'Please enter a valid domain, starting with http/https.',
         type: 'error',
         clear: true
       });
@@ -157,7 +157,9 @@ define([
         return;
       }
 
-      this.props.addOrigin(this.state.origin);
+      var url = Resources.normalizeUrls(this.state.origin);
+
+      this.props.addOrigin(url);
       this.setState({origin: ''});
     },
 

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/8588ef7c/app/addons/cors/resources.js
----------------------------------------------------------------------
diff --git a/app/addons/cors/resources.js b/app/addons/cors/resources.js
index a22cfc8..ed314a9 100644
--- a/app/addons/cors/resources.js
+++ b/app/addons/cors/resources.js
@@ -95,10 +95,20 @@ function (app, FauxtonAPI) {
 
   });
 
-  // simple helper function to validate the user entered a valid domain starting with http(s), optional port and
-  // doesn't include a subfolder
+  // simple helper function to validate the user entered a valid domain starting with http(s)
   CORS.validateCORSDomain = function (str) {
-    return (/^https?:\/\/[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+(:\d{2,5})?$/).test(str);
+    return (/^https?:\/\/(.*)(:\d{2,5})?$/).test(str);
+  };
+
+  CORS.normalizeUrls = function (url) {
+    var el = document.createElement('a');
+    el.href = url;
+
+    if (/:/.test(url)) {
+      return el.protocol + '//' + el.host;
+    }
+
+    return el.protocol + '//' + el.hostname;
   };
 
   return CORS;
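Review bot: The relaxed pattern in `validateCORSDomain` now checks only the scheme, because `(.*)` matches anything, including an empty host (`'http://'`) or a value containing whitespace. What ends up in the CORS origin list is therefore whatever the anchor element makes of the input, not a string that was validated. Consider requiring a host, e.g. `return (/^https?:\/\/[^\s\/]+(\/\S*)?$/).test(str);`, and running the same check on the output of `normalizeUrls` before the `addOrigin` call in components.react.jsx. In `normalizeUrls`, `/:/.test(url)` is true for every URL that carries a scheme, so the `el.hostname` branch is reached only for scheme-less input, where `el.href` presumably resolves against the current page; that branch can go, or a comment such as `// expects an absolute http(s) URL` should state the precondition. The enclosing module function starts outside the hunk.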

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/8588ef7c/app/addons/cors/tests/componentsSpec.react.jsx
----------------------------------------------------------------------
diff --git a/app/addons/cors/tests/componentsSpec.react.jsx b/app/addons/cors/tests/componentsSpec.react.jsx
index b725085..c2f3cdd 100644
--- a/app/addons/cors/tests/componentsSpec.react.jsx
+++ b/app/addons/cors/tests/componentsSpec.react.jsx
@@ -97,9 +97,9 @@ define([
       });
 
       afterEach(function () {
-        Resources.validateCORSDomain.restore && Resources.validateCORSDomain.restore();
+        utils.restore(Resources.validateCORSDomain);
+        utils.restore(FauxtonAPI.addNotification);
         React.unmountComponentAtNode(container);
-        FauxtonAPI.addNotification.restore && FauxtonAPI.addNotification.restore();
       });
 
       it('calls validates each domain', function () {

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/8588ef7c/app/addons/cors/tests/resourcesSpec.js
----------------------------------------------------------------------
diff --git a/app/addons/cors/tests/resourcesSpec.js b/app/addons/cors/tests/resourcesSpec.js
index 9690652..668bce6 100644
--- a/app/addons/cors/tests/resourcesSpec.js
+++ b/app/addons/cors/tests/resourcesSpec.js
@@ -46,24 +46,33 @@ define([
         'http://something.com',
         'https://a.ca',
         'https://something.com:8000',
-        'https://www.some-valid-domain.com:80'
+        'https://www.some-valid-domain.com:80',
+        'http://localhost',
+        'https://localhost',
+        'http://192.168.1.113',
+        'http://192.168.1.113:1337'
       ];
       _.each(urls, function (url) {
         assert.isTrue(CORS.validateCORSDomain(url));
       });
     });
 
-    it('fails on invalid domains', function () {
+    it('fails on non http/https domains', function () {
       var urls = [
         'whoahnellythisaintright',
-        'http://something',
-        'ftp://site.com',
-        'https://this.has/subfolder'
+        'ftp://site.com'
       ];
       _.each(urls, function (url) {
         assert.isFalse(CORS.validateCORSDomain(url));
       });
     });
 
+    it('normalizes common cases, like accidentally added subfolders', function () {
+      assert.equal('https://foo.com', CORS.normalizeUrls('https://foo.com/blerg'));
+      assert.equal('https://192.168.1.113', CORS.normalizeUrls('https://192.168.1.113/blerg'));
+      assert.equal('https://foo.com:1337', CORS.normalizeUrls('https://foo.com:1337/blerg'));
+      assert.equal('https://foo.com', CORS.normalizeUrls('https://foo.com'));
+    });
+
   });
 });
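Review bot: The negative list in 'fails on non http/https domains' now covers only a missing or wrong scheme, so nothing pins what `validateCORSDomain` does with a scheme but no usable host. The relaxed pattern in resources.js accepts `'http://'` and `'http://foo bar'`; adding both here would record the intended result once the pattern requires a host. The `normalizeUrls` case could also cover an explicit default port, e.g. `'https://foo.com:443/blerg'`, since the expected string depends on how the anchor element reports `host` in the test browser.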


[2/2] fauxton commit: updated refs/heads/master to c5c6f1c

Posted by ro...@apache.org.
cors: minor formatting fixes


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/c5c6f1c2
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/c5c6f1c2
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/c5c6f1c2

Branch: refs/heads/master
Commit: c5c6f1c2114a896fa06c28a38d72ef9b5e9592dc
Parents: 8588ef7
Author: Robert Kowalski <ro...@apache.org>
Authored: Tue Nov 17 15:14:13 2015 +0100
Committer: Robert Kowalski <ro...@apache.org>
Committed: Tue Nov 17 15:15:13 2015 +0100

----------------------------------------------------------------------
 app/addons/cors/components.react.jsx | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/c5c6f1c2/app/addons/cors/components.react.jsx
----------------------------------------------------------------------
diff --git a/app/addons/cors/components.react.jsx b/app/addons/cors/components.react.jsx
index 37579eb..13d20af 100644
--- a/app/addons/cors/components.react.jsx
+++ b/app/addons/cors/components.react.jsx
@@ -322,13 +322,17 @@ define([
       return (
         <div className="cors-page">
           <header id="cors-header">
-            <p> {this.getCorsNotice()}</p>
+            <p>{this.getCorsNotice()}</p>
           </header>
 
           <form id="corsForm" onSubmit={this.save}>
             <div className="cors-enable">
               <label className="checkbox">
-                <input type="checkbox" checked={this.state.corsEnabled} onChange={this.enableCorsChange} /> Enable CORS
+                <input
+                  type="checkbox"
+                  checked={this.state.corsEnabled}
+                  onChange={this.enableCorsChange} />
+                  Enable CORS
               </label>
             </div>
             <div id={className}>