Fix #1085: Make URL-building logic more resilient against reverse proxy misconfiguration

Agate 2020-05-04 12:02:08 +02:00
parent e981f005dc
commit e8efa4213a
No known key found for this signature in database
GPG key ID: 6B501DFD73514E14
5 changed files with 96 additions and 0 deletions


@ -197,3 +197,64 @@ def test_attach_file_content(factories, r_mock):
assert new_attachment.file.read() == b"content"
assert new_attachment.url is None
assert new_attachment.mimetype == data["mimetype"]
@pytest.mark.parametrize(
"ignore, hostname, protocol, meta, path, expected",
[
(
False,
"test.hostname",
"http",
{
"HTTP_X_FORWARDED_HOST": "real.hostname",
"HTTP_X_FORWARDED_PROTO": "https",
},
"/hello",
"https://real.hostname/hello",
),
(
False,
"test.hostname",
"http",
{
"HTTP_X_FORWARDED_HOST": "real.hostname",
"HTTP_X_FORWARDED_PROTO": "http",
},
"/hello",
"http://real.hostname/hello",
),
(
True,
"test.hostname",
"http",
{
"HTTP_X_FORWARDED_HOST": "real.hostname",
"HTTP_X_FORWARDED_PROTO": "https",
},
"/hello",
"http://test.hostname/hello",
),
(
True,
"test.hostname",
"https",
{
"HTTP_X_FORWARDED_HOST": "real.hostname",
"HTTP_X_FORWARDED_PROTO": "http",
},
"/hello",
"https://test.hostname/hello",
),
],
)
def test_monkey_patch_request_build_absolute_uri(
ignore, hostname, protocol, meta, path, expected, fake_request, settings
):
settings.IGNORE_FORWARDED_HOST_AND_PROTO = ignore
settings.ALLOWED_HOSTS = "*"
settings.FUNKWHALE_HOSTNAME = hostname
settings.FUNKWHALE_PROTOCOL = protocol
request = fake_request.get("/", **meta)
assert request.build_absolute_uri(path) == expected
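Review bot: Every parametrized case for `test_monkey_patch_request_build_absolute_uri` sends both `HTTP_X_FORWARDED_HOST` and `HTTP_X_FORWARDED_PROTO`, so with `IGNORE_FORWARDED_HOST_AND_PROTO = False` the test never exercises a request where neither header, or only one, arrives. Adding cases with `meta` set to `{}` and to a single header would pin which host and scheme the URL falls back to in that situation. The test also assigns `settings.ALLOWED_HOSTS = "*"`, a bare string where Django documents a list, so `settings.ALLOWED_HOSTS = ["*"]` is the conventional form. Because the wildcard turns host validation off, a further case with a restrictive list would show whether a forwarded host outside it is rejected rather than reflected into generated URLs when the headers are trusted.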