Posted to commits@couchdb.apache.org by wo...@apache.org on 2018/03/03 01:39:45 UTC

[couchdb] branch 1198-no-5986-fauxton updated (7f436cb -> 2b2c8ad)

This is an automated email from the ASF dual-hosted git repository.

wohali pushed a change to branch 1198-no-5986-fauxton
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


    omit 7f436cb  Prevent access to Fauxton on node-local port (5986)
     new 2b2c8ad  Prevent access to Fauxton on node-local port (5986)

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (7f436cb)
            \
             N -- N -- N   refs/heads/1198-no-5986-fauxton (2b2c8ad)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/couch/src/couch_httpd_misc_handlers.erl |  3 +-
 src/couch/test/couchdb_csp_tests.erl        | 82 -----------------------------
 src/couch/test/couchdb_vhosts_tests.erl     | 25 ---------
 3 files changed, 2 insertions(+), 108 deletions(-)
 delete mode 100644 src/couch/test/couchdb_csp_tests.erl


[couchdb] 01/01: Prevent access to Fauxton on node-local port (5986)

Posted by wo...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

wohali pushed a commit to branch 1198-no-5986-fauxton
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 2b2c8add41147a2e86e04ad57805ca8e5d77472a
Author: Joan Touzet <jo...@atypical.net>
AuthorDate: Fri Mar 2 19:12:56 2018 -0500

    Prevent access to Fauxton on node-local port (5986)
    
    Will help stop people shooting themselves in the foot and/or using
    node-local CouchDB as their "main" CouchDB port.
    
    Closes #1198
---
 src/couch/src/couch_httpd_misc_handlers.erl | 17 +-----
 src/couch/test/couchdb_csp_tests.erl        | 82 -----------------------------
 src/couch/test/couchdb_vhosts_tests.erl     | 25 ---------
 3 files changed, 2 insertions(+), 122 deletions(-)

diff --git a/src/couch/src/couch_httpd_misc_handlers.erl b/src/couch/src/couch_httpd_misc_handlers.erl
index ddc3d64..51dc2be 100644
--- a/src/couch/src/couch_httpd_misc_handlers.erl
+++ b/src/couch/src/couch_httpd_misc_handlers.erl
@@ -61,22 +61,9 @@ handle_file_req(#httpd{method='GET'}=Req, Document) ->
 handle_file_req(Req, _) ->
     send_method_not_allowed(Req, "GET,HEAD").
 
-handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
-    "/" ++ UrlPath = couch_httpd:path(Req),
-    case couch_httpd:partition(UrlPath) of
-    {_ActionKey, "/", RelativePath} ->
-        % GET /_utils/path or GET /_utils/
-        CachingHeaders = [{"Cache-Control", "private, must-revalidate"}],
-        EnableCsp = config:get("csp", "enable", "false"),
-        Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp),
-        couch_httpd:serve_file(Req, RelativePath, DocumentRoot, Headers);
-    {_ActionKey, "", _RelativePath} ->
-        % GET /_utils
-        RedirectPath = couch_httpd:path(Req) ++ "/",
-        couch_httpd:send_redirect(Req, RedirectPath)
-    end;
 handle_utils_dir_req(Req, _) ->
-    send_method_not_allowed(Req, "GET,HEAD").
+    send_error(Req, 410, <<"no_node_local_fauxton">>,
+        ?l2b("The web interface is no longer available on the node-local port.")).
 
 maybe_add_csp_headers(Headers, "true") ->
     DefaultValues = "default-src 'self'; img-src 'self' data:; font-src 'self'; "
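Review bot: `maybe_add_csp_headers/2` stays defined at the bottom of the hunk while its only visible caller, the removed GET clause (old line `Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp)`), is deleted; unless another caller exists outside this hunk, the module now carries an unused function that the compiler warns about (a build failure under `warnings_as_errors`), so it should be removed together with the CSP tests this commit deletes, or the CSP header logic kept if it is still wanted. The new catch-all clause returns 410 for every method, so the former `GET,HEAD` allow hint no longer applies; a short comment would make that intent explicit for the next reader: `%% Fauxton is not served from the node-local port: reply 410 Gone regardless of method.` The same dead-helper check applies to `ensure_index_file/0` in couchdb_vhosts_tests.erl, whose only visible call disappears with `should_serve_utils_for_vhost/1` in the third hunk of that file. `maybe_add_csp_headers/2` continues past the end of the hunk.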
diff --git a/src/couch/test/couchdb_csp_tests.erl b/src/couch/test/couchdb_csp_tests.erl
deleted file mode 100644
index 5eb33f9..0000000
--- a/src/couch/test/couchdb_csp_tests.erl
+++ /dev/null
@@ -1,82 +0,0 @@
-% Licensed under the Apache License, Version 2.0 (the "License"); you may not
-% use this file except in compliance with the License. You may obtain a copy of
-% the License at
-%
-%   http://www.apache.org/licenses/LICENSE-2.0
-%
-% Unless required by applicable law or agreed to in writing, software
-% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-% License for the specific language governing permissions and limitations under
-% the License.
-
--module(couchdb_csp_tests).
-
--include_lib("couch/include/couch_eunit.hrl").
-
--define(TIMEOUT, 1000).
-
-
-setup() ->
-    ok = config:set("csp", "enable", "true", false),
-    Addr = config:get("httpd", "bind_address", "127.0.0.1"),
-    Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
-    lists:concat(["http://", Addr, ":", Port, "/_utils/"]).
-
-teardown(_) ->
-    ok.
-
-
-csp_test_() ->
-    {
-        "Content Security Policy tests",
-        {
-            setup,
-            fun test_util:start_couch/0, fun test_util:stop_couch/1,
-            {
-                foreach,
-                fun setup/0, fun teardown/1,
-                [
-                    fun should_not_return_any_csp_headers_when_disabled/1,
-                    fun should_apply_default_policy/1,
-                    fun should_return_custom_policy/1,
-                    fun should_only_enable_csp_when_true/1
-                ]
-            }
-        }
-    }.
-
-
-should_not_return_any_csp_headers_when_disabled(Url) ->
-    ?_assertEqual(undefined,
-        begin
-            ok = config:set("csp", "enable", "false", false),
-            {ok, _, Headers, _} = test_request:get(Url),
-            proplists:get_value("Content-Security-Policy", Headers)
-        end).
-
-should_apply_default_policy(Url) ->
-    ?_assertEqual(
-        "default-src 'self'; img-src 'self' data:; font-src 'self'; "
-        "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
-        begin
-            {ok, _, Headers, _} = test_request:get(Url),
-            proplists:get_value("Content-Security-Policy", Headers)
-        end).
-
-should_return_custom_policy(Url) ->
-    ?_assertEqual("default-src 'http://example.com';",
-        begin
-            ok = config:set("csp", "header_value",
-                                  "default-src 'http://example.com';", false),
-            {ok, _, Headers, _} = test_request:get(Url),
-            proplists:get_value("Content-Security-Policy", Headers)
-        end).
-
-should_only_enable_csp_when_true(Url) ->
-    ?_assertEqual(undefined,
-        begin
-            ok = config:set("csp", "enable", "tru", false),
-            {ok, _, Headers, _} = test_request:get(Url),
-            proplists:get_value("Content-Security-Policy", Headers)
-        end).
diff --git a/src/couch/test/couchdb_vhosts_tests.erl b/src/couch/test/couchdb_vhosts_tests.erl
index dfac73c..2562a06 100644
--- a/src/couch/test/couchdb_vhosts_tests.erl
+++ b/src/couch/test/couchdb_vhosts_tests.erl
@@ -46,14 +46,6 @@ setup() ->
     couch_db:ensure_full_commit(Db),
     couch_db:close(Db),
 
-    test_util:with_process_restart(couch_httpd, fun() ->
-        config:set("httpd_global_handlers", "_utils",
-            "{couch_httpd_misc_handlers, handle_utils_dir_req, <<\""
-                ++ ?TEMPDIR
-                ++ "\">>}"
-        )
-    end),
-
     Addr = config:get("httpd", "bind_address", "127.0.0.1"),
     Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
     Url = "http://" ++ Addr ++ ":" ++ Port,
@@ -76,7 +68,6 @@ vhosts_test_() ->
                 [
                     fun should_return_database_info/1,
                     fun should_return_revs_info/1,
-                    fun should_serve_utils_for_vhost/1,
                     fun should_return_virtual_request_path_field_in_request/1,
                     fun should_return_real_request_path_field_in_request/1,
                     fun should_match_wildcard_vhost/1,
@@ -122,22 +113,6 @@ should_return_revs_info({Url, DbName}) ->
         end
     end).
 
-should_serve_utils_for_vhost({Url, DbName}) ->
-    ?_test(begin
-        ok = config:set("vhosts", "example.com", "/" ++ DbName, false),
-        ensure_index_file(),
-        case test_request:get(Url ++ "/_utils/index.html", [],
-                              [{host_header, "example.com"}]) of
-            {ok, _, _, Body} ->
-                ?assertMatch(<<"<!DOCTYPE html>", _/binary>>, Body);
-            Else ->
-                erlang:error({assertion_failed,
-                             [{module, ?MODULE},
-                              {line, ?LINE},
-                              {reason, ?iofmt("Request failed: ~p", [Else])}]})
-        end
-    end).
-
 should_return_virtual_request_path_field_in_request({Url, DbName}) ->
     ?_test(begin
         ok = config:set("vhosts", "example1.com",
