You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by wo...@apache.org on 2018/03/05 21:34:57 UTC
[couchdb] branch 1198-no-5986-fauxton updated (2b2c8ad -> 75d9bc5)
This is an automated email from the ASF dual-hosted git repository.
wohali pushed a change to branch 1198-no-5986-fauxton
in repository https://gitbox.apache.org/repos/asf/couchdb.git.
omit 2b2c8ad Prevent access to Fauxton on node-local port (5986)
new 75d9bc5 Prevent access to Fauxton on node-local port (5986)
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (2b2c8ad)
\
N -- N -- N refs/heads/1198-no-5986-fauxton (75d9bc5)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/chttpd/test/chttpd_csp_tests.erl | 82 +++++++++++++++++++++++++++++
src/couch/src/couch_httpd_misc_handlers.erl | 8 ---
2 files changed, 82 insertions(+), 8 deletions(-)
create mode 100644 src/chttpd/test/chttpd_csp_tests.erl
--
To stop receiving notification emails like this one, please contact
wohali@apache.org.
[couchdb] 01/01: Prevent access to Fauxton on node-local port (5986)
Posted by wo...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
wohali pushed a commit to branch 1198-no-5986-fauxton
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 75d9bc5be05eb9ae8f9076f1edecf1207017bdfa
Author: Joan Touzet <jo...@atypical.net>
AuthorDate: Fri Mar 2 19:12:56 2018 -0500
Prevent access to Fauxton on node-local port (5986)
Will help stop people shooting themselves in the foot and/or using
node-local CouchDB as their "main" CouchDB port.
Closes #1198
---
.../test/chttpd_csp_tests.erl} | 10 ++++-----
src/couch/src/couch_httpd_misc_handlers.erl | 25 ++--------------------
src/couch/test/couchdb_vhosts_tests.erl | 25 ----------------------
3 files changed, 7 insertions(+), 53 deletions(-)
diff --git a/src/couch/test/couchdb_csp_tests.erl b/src/chttpd/test/chttpd_csp_tests.erl
similarity index 91%
rename from src/couch/test/couchdb_csp_tests.erl
rename to src/chttpd/test/chttpd_csp_tests.erl
index 5eb33f9..4e802f8 100644
--- a/src/couch/test/couchdb_csp_tests.erl
+++ b/src/chttpd/test/chttpd_csp_tests.erl
@@ -10,29 +10,29 @@
% License for the specific language governing permissions and limitations under
% the License.
--module(couchdb_csp_tests).
+-module(chttpd_csp_tests).
-include_lib("couch/include/couch_eunit.hrl").
-define(TIMEOUT, 1000).
-
setup() ->
ok = config:set("csp", "enable", "true", false),
- Addr = config:get("httpd", "bind_address", "127.0.0.1"),
- Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
+ Addr = config:get("chttpd", "bind_address", "127.0.0.1"),
+ Port = mochiweb_socket_server:get(chttpd, port),
lists:concat(["http://", Addr, ":", Port, "/_utils/"]).
teardown(_) ->
ok.
+
csp_test_() ->
{
"Content Security Policy tests",
{
setup,
- fun test_util:start_couch/0, fun test_util:stop_couch/1,
+ fun chttpd_test_util:start_couch/0, fun chttpd_test_util:stop_couch/1,
{
foreach,
fun setup/0, fun teardown/1,
diff --git a/src/couch/src/couch_httpd_misc_handlers.erl b/src/couch/src/couch_httpd_misc_handlers.erl
index ddc3d64..e2fc9f2 100644
--- a/src/couch/src/couch_httpd_misc_handlers.erl
+++ b/src/couch/src/couch_httpd_misc_handlers.erl
@@ -61,30 +61,9 @@ handle_file_req(#httpd{method='GET'}=Req, Document) ->
handle_file_req(Req, _) ->
send_method_not_allowed(Req, "GET,HEAD").
-handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
- "/" ++ UrlPath = couch_httpd:path(Req),
- case couch_httpd:partition(UrlPath) of
- {_ActionKey, "/", RelativePath} ->
- % GET /_utils/path or GET /_utils/
- CachingHeaders = [{"Cache-Control", "private, must-revalidate"}],
- EnableCsp = config:get("csp", "enable", "false"),
- Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp),
- couch_httpd:serve_file(Req, RelativePath, DocumentRoot, Headers);
- {_ActionKey, "", _RelativePath} ->
- % GET /_utils
- RedirectPath = couch_httpd:path(Req) ++ "/",
- couch_httpd:send_redirect(Req, RedirectPath)
- end;
handle_utils_dir_req(Req, _) ->
- send_method_not_allowed(Req, "GET,HEAD").
-
-maybe_add_csp_headers(Headers, "true") ->
- DefaultValues = "default-src 'self'; img-src 'self' data:; font-src 'self'; "
- "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
- Value = config:get("csp", "header_value", DefaultValues),
- [{"Content-Security-Policy", Value} | Headers];
-maybe_add_csp_headers(Headers, _) ->
- Headers.
+ send_error(Req, 410, <<"no_node_local_fauxton">>,
+ ?l2b("The web interface is no longer available on the node-local port.")).
handle_all_dbs_req(#httpd{method='GET'}=Req) ->
diff --git a/src/couch/test/couchdb_vhosts_tests.erl b/src/couch/test/couchdb_vhosts_tests.erl
index dfac73c..2562a06 100644
--- a/src/couch/test/couchdb_vhosts_tests.erl
+++ b/src/couch/test/couchdb_vhosts_tests.erl
@@ -46,14 +46,6 @@ setup() ->
couch_db:ensure_full_commit(Db),
couch_db:close(Db),
- test_util:with_process_restart(couch_httpd, fun() ->
- config:set("httpd_global_handlers", "_utils",
- "{couch_httpd_misc_handlers, handle_utils_dir_req, <<\""
- ++ ?TEMPDIR
- ++ "\">>}"
- )
- end),
-
Addr = config:get("httpd", "bind_address", "127.0.0.1"),
Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
Url = "http://" ++ Addr ++ ":" ++ Port,
@@ -76,7 +68,6 @@ vhosts_test_() ->
[
fun should_return_database_info/1,
fun should_return_revs_info/1,
- fun should_serve_utils_for_vhost/1,
fun should_return_virtual_request_path_field_in_request/1,
fun should_return_real_request_path_field_in_request/1,
fun should_match_wildcard_vhost/1,
@@ -122,22 +113,6 @@ should_return_revs_info({Url, DbName}) ->
end
end).
-should_serve_utils_for_vhost({Url, DbName}) ->
- ?_test(begin
- ok = config:set("vhosts", "example.com", "/" ++ DbName, false),
- ensure_index_file(),
- case test_request:get(Url ++ "/_utils/index.html", [],
- [{host_header, "example.com"}]) of
- {ok, _, _, Body} ->
- ?assertMatch(<<"<!DOCTYPE html>", _/binary>>, Body);
- Else ->
- erlang:error({assertion_failed,
- [{module, ?MODULE},
- {line, ?LINE},
- {reason, ?iofmt("Request failed: ~p", [Else])}]})
- end
- end).
-
should_return_virtual_request_path_field_in_request({Url, DbName}) ->
?_test(begin
ok = config:set("vhosts", "example1.com",
--
To stop receiving notification emails like this one, please contact
wohali@apache.org.