Mercurial > p > roundup > code
comparison test/test_config.py @ 6681:ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
We now have an allow list to filter the hosts allowed to do api
requests. An element of this allow list must match the http ORIGIN
header exactly or the rest/xmlrpc CORS request will result in an
error.
The tracker host is always allowed to do a request.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 17 May 2022 17:18:51 -0400 |
| parents | 0d99ae7c8de6 |
| children | 3f60a71b0812 |
comparison
equal
deleted
inserted
replaced
| 6680:b4d0b48b3096 | 6681:ab2ed11c021e |
|---|---|
| 277 config._get_option('WEB_LOGIN_ATTEMPTS_MIN').set("3.0")) | 277 config._get_option('WEB_LOGIN_ATTEMPTS_MIN').set("3.0")) |
| 278 | 278 |
| 279 self.assertEqual("3", | 279 self.assertEqual("3", |
| 280 config._get_option('WEB_LOGIN_ATTEMPTS_MIN')._value2str(3.00)) | 280 config._get_option('WEB_LOGIN_ATTEMPTS_MIN')._value2str(3.00)) |
| 281 | 281 |
| 282 def testOriginHeader(self): | |
| 283 config = configuration.CoreConfig() | |
| 284 | |
| 285 with self.assertRaises(configuration.OptionValueError) as cm: | |
| 286 config._get_option('WEB_ALLOWED_API_ORIGINS').set("* https://foo.edu") | |
| 287 | |
| 288 config._get_option('WEB_ALLOWED_API_ORIGINS').set("https://foo.edu HTTP://baR.edu") | |
| 289 | |
| 290 self.assertEqual(config['WEB_ALLOWED_API_ORIGINS'][0], 'https://foo.edu') | |
| 291 self.assertEqual(config['WEB_ALLOWED_API_ORIGINS'][1], 'HTTP://baR.edu') | |
| 292 | |
| 293 | |
| 282 | 294 |
| 283 def testOptionAsString(self): | 295 def testOptionAsString(self): |
| 284 | 296 |
| 285 config = configuration.CoreConfig() | 297 config = configuration.CoreConfig() |
| 286 | 298 |