discourse/spec/components/middleware/enforce_hostname_spec.rb
David Taylor 19814c5e81
FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180)
- Define the CSP based on the requested domain / scheme (respecting force_https)
- Update EnforceHostname middleware to allow secondary domains, add specs
- Add URL scheme to anon cache key so that CSP headers are cached correctly
2020-03-19 19:54:42 +00:00

40 lines
1.1 KiB
Ruby

# frozen_string_literal: true
require "rails_helper"
describe Middleware::EnforceHostname do
before do
RailsMultisite::ConnectionManagement.stubs(:current_db_hostnames).returns(['primary.example.com', 'secondary.example.com'])
RailsMultisite::ConnectionManagement.stubs(:current_hostname).returns('primary.example.com')
end
def check_returned_host(input_host)
resolved_host = nil
app = described_class.new(
lambda do |env|
resolved_host = env["HTTP_HOST"]
[200, {}, ["ok"]]
end
)
app.call({ "HTTP_HOST" => input_host })
resolved_host
end
it "works for the primary domain" do
expect(check_returned_host("primary.example.com")).to eq("primary.example.com")
end
it "works for the secondary domain" do
expect(check_returned_host("secondary.example.com")).to eq("secondary.example.com")
end
it "returns primary domain otherwise" do
expect(check_returned_host("other.example.com")).to eq("primary.example.com")
expect(check_returned_host(nil)).to eq("primary.example.com")
end
end