Use FinalDestination to ensure public redirects for onebox

2024-11-22 15:06:26 +08:00 · 2017-05-22 16:42:19 -04:00 · 2017-05-22 16:42:19 -04:00 · 4c690f7089
commit 4c690f7089
parent 9edc490d3f
3 changed files with 12 additions and 5 deletions
--- a/config/initializers/100-onebox_options.rb
+++ b/config/initializers/100-onebox_options.rb
@ -1,5 +1,6 @@
 require_dependency 'twitter_api'

 Onebox.options = {
-  twitter_client: TwitterApi
+  twitter_client: TwitterApi,
+  redirect_limit: 1
 }
--- a/lib/oneboxer.rb
+++ b/lib/oneboxer.rb
@ -1,4 +1,6 @@
-require_dependency "#{Rails.root}/lib/onebox/discourse_onebox_sanitize_config"
+require_dependency "onebox/discourse_onebox_sanitize_config"
+require_dependency 'final_destination'
+
 Dir["#{Rails.root}/lib/onebox/engine/*_onebox.rb"].sort.each { |f| require f }

 module Oneboxer
@ -140,8 +142,9 @@ module Oneboxer
    end

    def self.onebox_raw(url)
+
      Rails.cache.fetch(onebox_cache_key(url), expires_in: 1.day) do
-        uri = URI(url) rescue nil
+        uri = FinalDestination.new(url).resolve
        return blank_onebox if uri.blank? || SiteSetting.onebox_domains_blacklist.include?(uri.hostname)
        options = { cache: {}, max_width: 695, sanitize_config: Sanitize::Config::DISCOURSE_ONEBOX }
        r = Onebox.preview(url, options)
--- a/spec/components/final_destination_spec.rb
+++ b/spec/components/final_destination_spec.rb
@ -19,8 +19,11 @@ describe FinalDestination do
  end

  before do
-    FinalDestination.stubs(:lookup_ip) do |host|
+    WebMock.reset!
  end
+
+  after do
+    WebMock.reset!
  end

  let(:doc_response) do