aboutsummaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorrinpatch <rinpatch@sdf.org>2020-05-29 09:46:31 +0000
committerrinpatch <rinpatch@sdf.org>2020-06-08 00:58:30 +0300
commita51284b60ab450a6c7ff644f1ea10f797a36aa59 (patch)
tree770a75be94e1f88d5da5eedcf45bd820a1c2ae76 /test
parenta5ccb5b0b1032b102c54d4df2e17c61423089e73 (diff)
downloadpleroma-a51284b60ab450a6c7ff644f1ea10f797a36aa59.tar.gz
Merge branch 'fix/mediaproxy-bypass-emoji' into 'develop'
Fix profile emojis bypassing mediaproxy and harden CSP Closes #1810 See merge request pleroma/pleroma!2596
Diffstat (limited to 'test')
-rw-r--r--test/plugs/http_security_plug_test.exs2
-rw-r--r--test/web/media_proxy/media_proxy_test.exs16
2 files changed, 9 insertions, 9 deletions
diff --git a/test/plugs/http_security_plug_test.exs b/test/plugs/http_security_plug_test.exs
index 944a9a139..6ba2dfe85 100644
--- a/test/plugs/http_security_plug_test.exs
+++ b/test/plugs/http_security_plug_test.exs
@@ -67,7 +67,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
[csp] = Conn.get_resp_header(conn, "content-security-policy")
- assert csp =~ ~r|report-uri https://endpoint.com; report-to csp-endpoint;|
+ assert csp =~ ~r|report-uri https://endpoint.com;report-to csp-endpoint;|
[reply_to] = Conn.get_resp_header(conn, "reply-to")
diff --git a/test/web/media_proxy/media_proxy_test.exs b/test/web/media_proxy/media_proxy_test.exs
index 8f5fcf2eb..dc4388f58 100644
--- a/test/web/media_proxy/media_proxy_test.exs
+++ b/test/web/media_proxy/media_proxy_test.exs
@@ -125,15 +125,8 @@ defmodule Pleroma.Web.MediaProxyTest do
test "uses the configured base_url" do
base_url = Pleroma.Config.get([:media_proxy, :base_url])
-
- if base_url do
- on_exit(fn ->
- Pleroma.Config.put([:media_proxy, :base_url], base_url)
- end)
- end
-
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
-
+ on_exit(fn -> Pleroma.Config.put([:media_proxy, :base_url], base_url) end)
url = "https://pleroma.soykaf.com/static/logo.png"
encoded = url(url)
@@ -213,9 +206,16 @@ defmodule Pleroma.Web.MediaProxyTest do
end
test "does not change whitelisted urls" do
+ whitelist = Pleroma.Config.get([:media_proxy, :whitelist])
+ base_url = Pleroma.Config.get([:media_proxy, :base_url])
Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"])
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
+ on_exit(fn ->
+ Pleroma.Config.put([:media_proxy, :whitelist], whitelist)
+ Pleroma.Config.put([:media_proxy, :base_url], base_url)
+ end)
+
media_url = "https://mycdn.akamai.com"
url = "#{media_url}/static/logo.png"
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-25 04:10:08 +0000