FIX: don't onebox to IP addresses

This commit is contained in:
Régis Hanol 2017-01-12 22:35:33 +01:00
parent d20cbfb2b3
commit 9f3c38832e
2 changed files with 21 additions and 1 deletions

View File

@ -1,10 +1,12 @@
require "ipaddr"
module Onebox
module Engine
class WhitelistedGenericOnebox
# overwrite the whitelist
def self.===(other)
true
other.is_a?(URI) ? (IPAddr.new(other.hostname) rescue nil).nil? : true
end
# ensure we're the last engine to be used

View File

@ -0,0 +1,18 @@
require 'rails_helper'
describe Onebox::Engine::WhitelistedGenericOnebox do
describe ".===" do
it "matches any domain" do
expect(described_class === URI('http://foo.bar/resource')).to be(true)
end
it "doesn't match an IP address" do
expect(described_class === URI('http://1.2.3.4/resource')).to be(false)
expect(described_class === URI('http://1.2.3.4:1234/resource')).to be(false)
end
end
end