mirror of https://github.com/gofiber/fiber.git
v3: fix CSRF tests and linter warnings
parent
6ea4d81331
commit
f37238e494
|
@ -74,7 +74,7 @@ func New(config ...Config) fiber.Handler {
|
||||||
// Assume that anything not defined as 'safe' by RFC7231 needs protection
|
// Assume that anything not defined as 'safe' by RFC7231 needs protection
|
||||||
|
|
||||||
// Enforce an origin check for HTTPS connections.
|
// Enforce an origin check for HTTPS connections.
|
||||||
if c.Protocol() == "https" {
|
if c.Scheme() == "https" {
|
||||||
if err := refererMatchesHost(c); err != nil {
|
if err := refererMatchesHost(c); err != nil {
|
||||||
return cfg.ErrorHandler(c, err)
|
return cfg.ErrorHandler(c, err)
|
||||||
}
|
}
|
||||||
|
@ -230,7 +230,7 @@ func refererMatchesHost(c fiber.Ctx) error {
|
||||||
return ErrBadReferer
|
return ErrBadReferer
|
||||||
}
|
}
|
||||||
|
|
||||||
if refererURL.Scheme+"://"+refererURL.Host != c.Protocol()+"://"+c.Hostname() {
|
if refererURL.Scheme+"://"+refererURL.Host != c.Scheme()+"://"+c.Host() {
|
||||||
return ErrBadReferer
|
return ErrBadReferer
|
||||||
}
|
}
|
||||||
|
|
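Review bot: The gate `if c.Scheme() == "https"` decides whether the referer check runs at all, and `refererMatchesHost` now builds the expected origin from `c.Scheme()` and `c.Host()`, so the protection depends on how the framework derives those two values from the request. Their implementation is not visible on this page; if the scheme is taken from the connection unless forwarded headers are trusted, an app behind a TLS-terminating proxy would see "http" and skip the check without any error. I would state that at the gate, for example `// Scheme and Host must reflect the client-facing origin; behind a TLS-terminating proxy, configure trusted proxies or this check is skipped`. The switch from `Hostname()` to `Host()` presumably brings the port into the comparison, so a test with a non-default port in the Referer would pin that behaviour. Both functions continue outside the hunks shown.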
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
|
//nolint:bodyclose // Much easier to just ignore memory leaks in tests
|
||||||
package favicon
|
package favicon
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
@ -80,7 +79,7 @@ func Test_Middleware_Favicon_Found(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// go test -run Test_Custom_Favicon_Url
|
// go test -run Test_Custom_Favicon_Url
|
||||||
func Test_Custom_Favicon_Url(t *testing.T) {
|
func Test_Custom_Favicon_URL(t *testing.T) {
|
||||||
app := fiber.New()
|
app := fiber.New()
|
||||||
const customURL = "/favicon.svg"
|
const customURL = "/favicon.svg"
|
||||||
app.Use(New(Config{
|
app.Use(New(Config{
|
||||||
|
@ -121,24 +120,6 @@ func Test_Custom_Favicon_Data(t *testing.T) {
|
||||||
utils.AssertEqual(t, "public, max-age=31536000", resp.Header.Get(fiber.HeaderCacheControl), "CacheControl Control")
|
utils.AssertEqual(t, "public, max-age=31536000", resp.Header.Get(fiber.HeaderCacheControl), "CacheControl Control")
|
||||||
}
|
}
|
||||||
|
|
||||||
// mockFS wraps local filesystem for the purposes of
|
|
||||||
// Test_Middleware_Favicon_FileSystem located below
|
|
||||||
// TODO use os.Dir if fiber upgrades to 1.16
|
|
||||||
type mockFS struct{}
|
|
||||||
|
|
||||||
func (mockFS) Open(name string) (http.File, error) {
|
|
||||||
if name == "/" {
|
|
||||||
name = "."
|
|
||||||
} else {
|
|
||||||
name = strings.TrimPrefix(name, "/")
|
|
||||||
}
|
|
||||||
file, err := os.Open(name) //nolint:gosec // We're in a test func, so this is fine
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to open: %w", err)
|
|
||||||
}
|
|
||||||
return file, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// go test -run Test_Middleware_Favicon_FileSystem
|
// go test -run Test_Middleware_Favicon_FileSystem
|
||||||
func Test_Middleware_Favicon_FileSystem(t *testing.T) {
|
func Test_Middleware_Favicon_FileSystem(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
@ -206,23 +187,3 @@ func Test_Favicon_Next(t *testing.T) {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Equal(t, fiber.StatusNotFound, resp.StatusCode)
|
require.Equal(t, fiber.StatusNotFound, resp.StatusCode)
|
||||||
}
|
}
|
||||||
|
|
||||||
// go test -run Test_Custom_Favicon_URL
|
|
||||||
func Test_Custom_Favicon_URL(t *testing.T) {
|
|
||||||
app := fiber.New()
|
|
||||||
const customURL = "/favicon.svg"
|
|
||||||
app.Use(New(Config{
|
|
||||||
File: "../../.github/testdata/favicon.ico",
|
|
||||||
URL: customURL,
|
|
||||||
}))
|
|
||||||
|
|
||||||
app.Get("/", func(c fiber.Ctx) error {
|
|
||||||
return nil
|
|
||||||
})
|
|
||||||
|
|
||||||
resp, err := app.Test(httptest.NewRequest(fiber.MethodGet, customURL, nil))
|
|
||||||
|
|
||||||
require.NoError(t, err, "app.Test(req)")
|
|
||||||
require.Equal(t, fiber.StatusOK, resp.StatusCode, "Status code")
|
|
||||||
require.Equal(t, "image/x-icon", resp.Header.Get(fiber.HeaderContentType))
|
|
||||||
}
|
|
||||||
|
|
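Review bot: The `//nolint:bodyclose` directive added above `package favicon` applies to the whole file, so it also hides any unclosed response body in tests or helpers added to this file later. Scoping it to the individual `app.Test(...)` lines, or closing the body after the `require.NoError` check with `t.Cleanup(func() { _ = resp.Body.Close() })`, keeps the linter active for everything else. The remaining changes in this file are a rename and removals, and the test bodies continue outside the hunks shown.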