[ARVADOS] updated: 2.1.0-198-gb2c1a6e50

Git user git at public.arvados.org
Wed Dec 9 21:10:53 UTC 2020 

Summary of changes:
 services/keep-web/handler_test.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

       via  b2c1a6e50a3bfc8890c7c9197e49077b6032a087 (commit)
      from  2c8b44cdaefa4434eadbbe2cb24dabac8cc3bfa9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit b2c1a6e50a3bfc8890c7c9197e49077b6032a087
Author: Tom Clegg <tom at curii.com>
Date:   Wed Dec 9 15:44:57 2020 -0500

    17202: Test avoiding redirect for cross-origin inline images.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index 8e2e05c76..5291efeb8 100644
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -583,6 +583,25 @@ func (s *IntegrationSuite) TestXHRNoRedirect(c *check.C) {
 	c.Check(resp.Code, check.Equals, http.StatusOK)
 	c.Check(resp.Body.String(), check.Equals, "foo")
 	c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
+
+	// GET + Origin header is representative of both AJAX GET
+	// requests and inline images via <IMG crossorigin="anonymous"
+	// src="...">.
+	u.RawQuery = "api_token=" + url.QueryEscape(arvadostest.ActiveTokenV2)
+	req = &http.Request{
+		Method:     "GET",
+		Host:       u.Host,
+		URL:        u,
+		RequestURI: u.RequestURI(),
+		Header: http.Header{
+			"Origin": {"https://origin.example"},
+		},
+	}
+	resp = httptest.NewRecorder()
+	s.testServer.Handler.ServeHTTP(resp, req)
+	c.Check(resp.Code, check.Equals, http.StatusOK)
+	c.Check(resp.Body.String(), check.Equals, "foo")
+	c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
 }
 
 func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, hostPath, queryString, contentType, reqBody string, expectStatus int, expectRespBody string) *httptest.ResponseRecorder {

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list