diff options
author | Simon McVittie <smcv@debian.org> | 2014-10-05 22:56:55 +0100 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2014-10-05 23:49:37 +0100 |
commit | d712389ae3e8351c1416aa81d4b85586cf98f002 (patch) | |
tree | 061c5a01b27288baa7b90d96fab19dd1513ee3bd /t/relativity.t | |
parent | 5014a091ba14a6ecf05cfc5f5ae67331b506b348 (diff) | |
download | ikiwiki-d712389ae3e8351c1416aa81d4b85586cf98f002.tar ikiwiki-d712389ae3e8351c1416aa81d4b85586cf98f002.tar.gz |
Avoid mixed content when cgiurl is https but url is not
Diffstat (limited to 't/relativity.t')
-rwxr-xr-x | t/relativity.t | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/t/relativity.t b/t/relativity.t index 6c4d1107e..675efc903 100755 --- a/t/relativity.t +++ b/t/relativity.t @@ -407,12 +407,9 @@ run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { $ENV{HTTPS} = 'on'; }); %bits = parse_cgi_content($content); -TODO: { -local $TODO = "avoid mixed content"; is($bits{basehref}, "https://example.com/wiki/"); like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{tophref}, qr{^(?:/wiki|\.)/$}); -} like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); # when not accessed via HTTPS, ??? @@ -439,11 +436,13 @@ run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub { $ENV{HTTPS} = 'on'; }); %bits = parse_cgi_content($content); +# because the static and dynamic stuff is on the same server, we assume that +# both are also on the staging server +like($bits{basehref}, qr{^https://staging.example.net/wiki/$}); +like($bits{stylehref}, qr{^(?:(?:https:)?//staging.example.net)?/wiki/style.css$}); +like($bits{tophref}, qr{^(?:(?:(?:https:)?//staging.example.net)?/wiki|\.)/$}); TODO: { -local $TODO = "avoid mixed content"; -like($bits{basehref}, qr{^https://example.com/wiki/$}); -like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); -like($bits{tophref}, qr{^(?:(?:(?:https:)?//example.com)?/wiki|\.)/$}); +local $TODO = "this should really point back to itself but currently points to example.com"; like($bits{cgihref}, qr{^(?:(?:https:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$}); } @@ -458,11 +457,8 @@ run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub { $ENV{HTTPS} = 'on'; }); %bits = parse_cgi_content($content); -TODO: { -local $TODO = "avoid mixed content"; is($bits{basehref}, "https://example.com/wiki/a/b/c/"); like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); -} like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); |