Use strict protocol check when redirect (#29642)
(cherry picked from commit c72e1a7abbba0cca34131a86273c987c47065dd0)
This commit is contained in:
parent
3bdf1e0323
commit
32c8860769
47
services/context/base_test.go
Normal file
47
services/context/base_test.go
Normal file
|
@ -0,0 +1,47 @@
|
|||
// Copyright 2024 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package context
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestRedirect(t *testing.T) {
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
|
||||
cases := []struct {
|
||||
url string
|
||||
keep bool
|
||||
}{
|
||||
{"http://test", false},
|
||||
{"https://test", false},
|
||||
{"//test", false},
|
||||
{"/://test", true},
|
||||
{"/test", true},
|
||||
}
|
||||
for _, c := range cases {
|
||||
resp := httptest.NewRecorder()
|
||||
b, cleanup := NewBaseContext(resp, req)
|
||||
resp.Header().Add("Set-Cookie", (&http.Cookie{Name: setting.SessionConfig.CookieName, Value: "dummy"}).String())
|
||||
b.Redirect(c.url)
|
||||
cleanup()
|
||||
has := resp.Header().Get("Set-Cookie") == "i_like_gitea=dummy"
|
||||
assert.Equal(t, c.keep, has, "url = %q", c.url)
|
||||
}
|
||||
|
||||
req, _ = http.NewRequest("GET", "/", nil)
|
||||
resp := httptest.NewRecorder()
|
||||
req.Header.Add("HX-Request", "true")
|
||||
b, cleanup := NewBaseContext(resp, req)
|
||||
b.Redirect("/other")
|
||||
cleanup()
|
||||
assert.Equal(t, "/other", resp.Header().Get("HX-Redirect"))
|
||||
assert.Equal(t, http.StatusNoContent, resp.Code)
|
||||
}
|
Loading…
Reference in a new issue