github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-30 15:28:37 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: More robust referrer host parsing (#27534)

Browse Source
This commit is contained in:
Ted Johansson
2024-06-19 16:30:40 +08:00
committed by GitHub
parent 9cc030fe8d
commit 9468e0c0f2
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
spec/requests/application_controller_spec.rb
View File

@ -556,14 +556,19 @@ RSpec.describe ApplicationController do
end
it "sets `Cross-Origin-Opener-Policy` to `unsafe-none` for a listed referrer" do
get "/latest", headers: { "HTTP_REFERER" => "meta.discourse.org" }
get "/latest", headers: { "HTTP_REFERER" => "https://meta.discourse.org/" }
expect(response.status).to eq(200)
expect(response.headers["Cross-Origin-Opener-Policy"]).to eq("unsafe-none")
get "/latest", headers: { "HTTP_REFERER" => "https://meta.discourse.org/hot" }
expect(response.status).to eq(200)
expect(response.headers["Cross-Origin-Opener-Policy"]).to eq("unsafe-none")
end
it "sets `Cross-Origin-Opener-Policy` to configured value for a non-listed referrer" do
get "/latest", headers: { "HTTP_REFERER" => "www.discourse.org" }
get "/latest", headers: { "HTTP_REFERER" => "https://www.discourse.org/" }
expect(response.status).to eq(200)
expect(response.headers["Cross-Origin-Opener-Policy"]).to eq("same-origin")