[ARVADOS] updated: 2.1.0-198-gb2c1a6e50
Git user
git at public.arvados.org
Wed Dec 9 21:10:53 UTC 2020
Summary of changes:
services/keep-web/handler_test.go | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
via b2c1a6e50a3bfc8890c7c9197e49077b6032a087 (commit)
from 2c8b44cdaefa4434eadbbe2cb24dabac8cc3bfa9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit b2c1a6e50a3bfc8890c7c9197e49077b6032a087
Author: Tom Clegg <tom at curii.com>
Date: Wed Dec 9 15:44:57 2020 -0500
17202: Test avoiding redirect for cross-origin inline images.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>
diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index 8e2e05c76..5291efeb8 100644
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -583,6 +583,25 @@ func (s *IntegrationSuite) TestXHRNoRedirect(c *check.C) {
c.Check(resp.Code, check.Equals, http.StatusOK)
c.Check(resp.Body.String(), check.Equals, "foo")
c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
+
+ // GET + Origin header is representative of both AJAX GET
+ // requests and inline images via <IMG crossorigin="anonymous"
+ // src="...">.
+ u.RawQuery = "api_token=" + url.QueryEscape(arvadostest.ActiveTokenV2)
+ req = &http.Request{
+ Method: "GET",
+ Host: u.Host,
+ URL: u,
+ RequestURI: u.RequestURI(),
+ Header: http.Header{
+ "Origin": {"https://origin.example"},
+ },
+ }
+ resp = httptest.NewRecorder()
+ s.testServer.Handler.ServeHTTP(resp, req)
+ c.Check(resp.Code, check.Equals, http.StatusOK)
+ c.Check(resp.Body.String(), check.Equals, "foo")
+ c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
}
func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, hostPath, queryString, contentType, reqBody string, expectStatus int, expectRespBody string) *httptest.ResponseRecorder {
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list