github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Don't allow base_uri as embeddable host if none exist

Browse Source
This commit is contained in:
Robin Ward
2019-09-29 20:51:59 -04:00
parent 756104432e
commit d5c5ca46b6
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
spec/models/embeddable_host_spec.rb
View File

@ -65,6 +65,10 @@ describe EmbeddableHost do
end
end
it "doesn't allow forum own URL if no hosts exist" do
expect(EmbeddableHost.url_allowed?(Discourse.base_url)).to eq(false)
end
describe "url_allowed?" do
fab!(:host) { Fabricate(:embeddable_host) }