diff --git a/app/controllers/embed_controller.rb b/app/controllers/embed_controller.rb
index d615fc54229..07109961fdf 100644
--- a/app/controllers/embed_controller.rb
+++ b/app/controllers/embed_controller.rb
@@ -48,8 +48,8 @@ class EmbedController < ApplicationController
 def ensure_embeddable
 if !(Rails.env.development? && current_user.try(:admin?))
- raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.embeddable_host.blank?
- raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.embeddable_host
+ raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.normalized_embeddable_host.blank?
+ raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.normalized_embeddable_host
 end
 response.headers['X-Frame-Options'] = "ALLOWALL"
diff --git a/app/models/site_setting.rb b/app/models/site_setting.rb
index 84051651922..25b92d0edf7 100644
--- a/app/models/site_setting.rb
+++ b/app/models/site_setting.rb
@@ -56,6 +56,11 @@ class SiteSetting < ActiveRecord::Base
 @anonymous_menu_items ||= Set.new Discourse.anonymous_filters.map(&:to_s)
 end
+ def self.normalized_embeddable_host
+ return embeddable_host if embeddable_host.blank?
+ embeddable_host.sub(/^https?\:\/\//, '')
+ end
+
 def self.anonymous_homepage
 top_menu_items.map { |item| item.name }
 .select { |item| anonymous_menu_items.include?(item) }
diff --git a/lib/topic_retriever.rb b/lib/topic_retriever.rb
index dc63d310fc3..a03966a8ae6 100644
--- a/lib/topic_retriever.rb
+++ b/lib/topic_retriever.rb
@@ -12,7 +12,7 @@ class TopicRetriever
 private
 def invalid_host?
- SiteSetting.embeddable_host != URI(@embed_url).host
+ SiteSetting.normalized_embeddable_host != URI(@embed_url).host
 rescue URI::InvalidURIError
 # An invalid URI is an invalid host
 true
@@ -52,4 +52,4 @@ class TopicRetriever
 TopicEmbed.import_remote(user, @embed_url)
 end
-end
\ No newline at end of file
+end
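Review bot: `URI(request.referer || '')` in `ensure_embeddable` raises `URI::InvalidURIError` on a malformed Referer header, and nothing visible in this hunk rescues it, so such a request would surface as an unhandled error rather than `Discourse::InvalidAccess`. `TopicRetriever#invalid_host?`, touched by this same commit, already treats a parse failure as an invalid host, and the controller should do the same by adding `rescue URI::InvalidURIError` followed by `raise Discourse::InvalidAccess.new('invalid referer host')` to the method. This matters more than usual because the Referer comparison is the only gate before `X-Frame-Options` is set to `ALLOWALL` on the next line. The end of `ensure_embeddable` lies outside the hunk.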
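Review bot: The pattern in `normalized_embeddable_host` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, and it is case-sensitive, so a value such as `HTTP://…` is returned unchanged. I would write it as `embeddable_host.sub(/\Ahttps?:\/\//i, '')`. Because callers compare the result for equality with `URI(...).host`, a setting saved with a trailing slash, a path or a port will never match and embedding is refused; that fails closed, but silently. A comment like `# Bare host for comparison with URI#host; only the scheme prefix is removed` would document the limit, and validating the setting when it is saved would be the more robust fix.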
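Review bot: `invalid_host?` relies on `!=` alone, so when the setting is unset and `normalized_embeddable_host` returns `nil` (the new method passes blank values through unchanged), an `@embed_url` that parses without a host also yields `nil` and the method reports the host as valid. An explicit guard closes that case: assign `host = SiteSetting.normalized_embeddable_host`, then `return true if host.blank?` before comparing `host != URI(@embed_url).host`. Whether `perform_retrieve` would get anywhere with a host-less URL is not visible here, so this is a defensive check rather than a demonstrated bypass. The method's closing `end` is outside the hunk.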
diff --git a/spec/components/topic_retriever_spec.rb b/spec/components/topic_retriever_spec.rb
index 2e7810be98f..7a42d1e77b8 100644
--- a/spec/components/topic_retriever_spec.rb
+++ b/spec/components/topic_retriever_spec.rb
@@ -7,13 +7,13 @@ describe TopicRetriever do
 let(:topic_retriever) { TopicRetriever.new(embed_url) }
 it "does not call perform_retrieve when embeddable_host is not set" do
- SiteSetting.expects(:embeddable_host).returns(nil)
+ SiteSetting.stubs(:embeddable_host).returns(nil)
 topic_retriever.expects(:perform_retrieve).never
 topic_retriever.retrieve
 end
 it "does not call perform_retrieve when embeddable_host is different than the host of the URL" do
- SiteSetting.expects(:embeddable_host).returns("eviltuna.com")
+ SiteSetting.stubs(:embeddable_host).returns("eviltuna.com")
 topic_retriever.expects(:perform_retrieve).never
 topic_retriever.retrieve
 end
@@ -26,7 +26,7 @@ describe TopicRetriever do
 context "with a valid host" do
 before do
- SiteSetting.expects(:embeddable_host).returns("eviltrout.com")
+ SiteSetting.stubs(:embeddable_host).returns("eviltrout.com")
 end
 it "calls perform_retrieve if it hasn't been retrieved recently" do
diff --git a/spec/models/site_setting_spec.rb b/spec/models/site_setting_spec.rb
index 16c452522b4..c0864638af0 100644
--- a/spec/models/site_setting_spec.rb
+++ b/spec/models/site_setting_spec.rb
@@ -30,6 +30,23 @@ describe SiteSetting do
 end
 end
+ describe "normalized_embeddable_host" do
+ it 'returns the `embeddable_host` value' do
+ SiteSetting.stubs(:embeddable_host).returns("eviltrout.com")
+ SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
+ end
+
+ it 'strip http from `embeddable_host` value' do
+ SiteSetting.stubs(:embeddable_host).returns("http://eviltrout.com")
+ SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
+ end
+
+ it 'strip https from `embeddable_host` value' do
+ SiteSetting.stubs(:embeddable_host).returns("https://eviltrout.com")
+ SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
+ end
+ end
+
 describe 'topic_title_length' do
 it 'returns a range of min/max topic title length' do
 SiteSetting.topic_title_length.should ==
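Review bot: These examples cover only the three values that normalize cleanly; the `blank?` early return in `normalized_embeddable_host` has no example, and neither does a value the substitution leaves unusable for a host comparison (trailing slash, path, upper-case scheme). I would add `it 'returns nil when embeddable_host is not set'` with `SiteSetting.stubs(:embeddable_host).returns(nil)` and `SiteSetting.normalized_embeddable_host.should be_nil`. One more example pinning the current result for `"https://eviltrout.com/"` would make explicit what the access checks in the controller and retriever actually compare against. The descriptions would also read better as 'strips http …' and 'strips https …'.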