mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 09:36:19 -05:00
Support embeddable_host
values that contain a HTTP/HTTPs protocol
This commit is contained in:
parent
6ceb4f2656
commit
a963dd9081
5 changed files with 29 additions and 7 deletions
|
@ -48,8 +48,8 @@ class EmbedController < ApplicationController
|
|||
def ensure_embeddable
|
||||
|
||||
if !(Rails.env.development? && current_user.try(:admin?))
|
||||
raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.embeddable_host.blank?
|
||||
raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.embeddable_host
|
||||
raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.normalized_embeddable_host.blank?
|
||||
raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.normalized_embeddable_host
|
||||
end
|
||||
|
||||
response.headers['X-Frame-Options'] = "ALLOWALL"
|
||||
|
|
|
@ -56,6 +56,11 @@ class SiteSetting < ActiveRecord::Base
|
|||
@anonymous_menu_items ||= Set.new Discourse.anonymous_filters.map(&:to_s)
|
||||
end
|
||||
|
||||
def self.normalized_embeddable_host
|
||||
return embeddable_host if embeddable_host.blank?
|
||||
embeddable_host.sub(/^https?\:\/\//, '')
|
||||
end
|
||||
|
||||
def self.anonymous_homepage
|
||||
top_menu_items.map { |item| item.name }
|
||||
.select { |item| anonymous_menu_items.include?(item) }
|
||||
|
|
|
@ -12,7 +12,7 @@ class TopicRetriever
|
|||
private
|
||||
|
||||
def invalid_host?
|
||||
SiteSetting.embeddable_host != URI(@embed_url).host
|
||||
SiteSetting.normalized_embeddable_host != URI(@embed_url).host
|
||||
rescue URI::InvalidURIError
|
||||
# An invalid URI is an invalid host
|
||||
true
|
||||
|
@ -52,4 +52,4 @@ class TopicRetriever
|
|||
TopicEmbed.import_remote(user, @embed_url)
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,13 +7,13 @@ describe TopicRetriever do
|
|||
let(:topic_retriever) { TopicRetriever.new(embed_url) }
|
||||
|
||||
it "does not call perform_retrieve when embeddable_host is not set" do
|
||||
SiteSetting.expects(:embeddable_host).returns(nil)
|
||||
SiteSetting.stubs(:embeddable_host).returns(nil)
|
||||
topic_retriever.expects(:perform_retrieve).never
|
||||
topic_retriever.retrieve
|
||||
end
|
||||
|
||||
it "does not call perform_retrieve when embeddable_host is different than the host of the URL" do
|
||||
SiteSetting.expects(:embeddable_host).returns("eviltuna.com")
|
||||
SiteSetting.stubs(:embeddable_host).returns("eviltuna.com")
|
||||
topic_retriever.expects(:perform_retrieve).never
|
||||
topic_retriever.retrieve
|
||||
end
|
||||
|
@ -26,7 +26,7 @@ describe TopicRetriever do
|
|||
|
||||
context "with a valid host" do
|
||||
before do
|
||||
SiteSetting.expects(:embeddable_host).returns("eviltrout.com")
|
||||
SiteSetting.stubs(:embeddable_host).returns("eviltrout.com")
|
||||
end
|
||||
|
||||
it "calls perform_retrieve if it hasn't been retrieved recently" do
|
||||
|
|
|
@ -30,6 +30,23 @@ describe SiteSetting do
|
|||
end
|
||||
end
|
||||
|
||||
describe "normalized_embeddable_host" do
|
||||
it 'returns the `embeddable_host` value' do
|
||||
SiteSetting.stubs(:embeddable_host).returns("eviltrout.com")
|
||||
SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
|
||||
end
|
||||
|
||||
it 'strip http from `embeddable_host` value' do
|
||||
SiteSetting.stubs(:embeddable_host).returns("http://eviltrout.com")
|
||||
SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
|
||||
end
|
||||
|
||||
it 'strip https from `embeddable_host` value' do
|
||||
SiteSetting.stubs(:embeddable_host).returns("https://eviltrout.com")
|
||||
SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
|
||||
end
|
||||
end
|
||||
|
||||
describe 'topic_title_length' do
|
||||
it 'returns a range of min/max topic title length' do
|
||||
SiteSetting.topic_title_length.should ==
|
||||
|
|
Loading…
Reference in a new issue