Support `embeddable_host` values that contain a HTTP/HTTPs protocol
parent
6ceb4f2656
commit
a963dd9081
|
@ -48,8 +48,8 @@ class EmbedController < ApplicationController
|
||||||
def ensure_embeddable
|
def ensure_embeddable
|
||||||
|
|
||||||
if !(Rails.env.development? && current_user.try(:admin?))
|
if !(Rails.env.development? && current_user.try(:admin?))
|
||||||
raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.embeddable_host.blank?
|
raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.normalized_embeddable_host.blank?
|
||||||
raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.embeddable_host
|
raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.normalized_embeddable_host
|
||||||
end
|
end
|
||||||
|
|
||||||
response.headers['X-Frame-Options'] = "ALLOWALL"
|
response.headers['X-Frame-Options'] = "ALLOWALL"
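Review bot: A malformed `Referer` header makes `URI(request.referer || '')` raise `URI::InvalidURIError` in the referer check of `ensure_embeddable`, and nothing visible here rescues it. Unless `ApplicationController` handles that exception elsewhere, the request ends in an unhandled error rather than `Discourse::InvalidAccess`. `TopicRetriever#invalid_host?`, touched by this same commit, already treats an invalid URI as an invalid host, so the controller should map the parse failure to the same denial: add `rescue URI::InvalidURIError` around the comparison and `raise Discourse::InvalidAccess.new('invalid referer host')` from it. A comment above the `X-Frame-Options` line would also help, noting that the referer comparison is the only gate before framing is opened and that it is skipped for an admin in development. The method's closing `end` lies outside the hunk.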
|
||||||
|
|
|
@ -56,6 +56,11 @@ class SiteSetting < ActiveRecord::Base
|
||||||
@anonymous_menu_items ||= Set.new Discourse.anonymous_filters.map(&:to_s)
|
@anonymous_menu_items ||= Set.new Discourse.anonymous_filters.map(&:to_s)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def self.normalized_embeddable_host
|
||||||
|
return embeddable_host if embeddable_host.blank?
|
||||||
|
embeddable_host.sub(/^https?\:\/\//, '')
|
||||||
|
end
|
||||||
|
|
||||||
def self.anonymous_homepage
|
def self.anonymous_homepage
|
||||||
top_menu_items.map { |item| item.name }
|
top_menu_items.map { |item| item.name }
|
||||||
.select { |item| anonymous_menu_items.include?(item) }
|
.select { |item| anonymous_menu_items.include?(item) }
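Review bot: The pattern in `normalized_embeddable_host` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, and it is case-sensitive. Since the result feeds an access check, anchor it to the whole value: `embeddable_host.sub(/\Ahttps?:\/\//i, '')`. The method also leaves a trailing slash, path or port in place, so a setting such as `http://example.com/` (constructed example) normalizes to a string that can never equal `URI(...).host`; both callers then reject every request with no hint why. Either strip to the bare host (for example by parsing with `URI` when a scheme is present) or add a comment stating that only a bare host with an optional `http://` or `https://` prefix is supported.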
|
||||||
|
|
|
@ -12,7 +12,7 @@ class TopicRetriever
|
||||||
private
|
private
|
||||||
|
|
||||||
def invalid_host?
|
def invalid_host?
|
||||||
SiteSetting.embeddable_host != URI(@embed_url).host
|
SiteSetting.normalized_embeddable_host != URI(@embed_url).host
|
||||||
rescue URI::InvalidURIError
|
rescue URI::InvalidURIError
|
||||||
# An invalid URI is an invalid host
|
# An invalid URI is an invalid host
|
||||||
true
|
true
|
||||||
|
@ -52,4 +52,4 @@ class TopicRetriever
|
||||||
TopicEmbed.import_remote(user, @embed_url)
|
TopicEmbed.import_remote(user, @embed_url)
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
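Review bot: In the first hunk of this section, `invalid_host?` compares two values that can both be `nil`, in which case `nil != nil` is false and the host is reported as valid. `normalized_embeddable_host` returns the blank setting unchanged (the spec stubs it as `nil`), and `URI(@embed_url).host` is `nil` for a URL without a host component. Whether `retrieve` guards against this elsewhere is not visible here, so I would make the method fail closed on its own by adding `return true if SiteSetting.normalized_embeddable_host.blank?` as its first line. The method's closing `end` is outside the hunk.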
|
||||||
|
|
|
@ -7,13 +7,13 @@ describe TopicRetriever do
|
||||||
let(:topic_retriever) { TopicRetriever.new(embed_url) }
|
let(:topic_retriever) { TopicRetriever.new(embed_url) }
|
||||||
|
|
||||||
it "does not call perform_retrieve when embeddable_host is not set" do
|
it "does not call perform_retrieve when embeddable_host is not set" do
|
||||||
SiteSetting.expects(:embeddable_host).returns(nil)
|
SiteSetting.stubs(:embeddable_host).returns(nil)
|
||||||
topic_retriever.expects(:perform_retrieve).never
|
topic_retriever.expects(:perform_retrieve).never
|
||||||
topic_retriever.retrieve
|
topic_retriever.retrieve
|
||||||
end
|
end
|
||||||
|
|
||||||
it "does not call perform_retrieve when embeddable_host is different than the host of the URL" do
|
it "does not call perform_retrieve when embeddable_host is different than the host of the URL" do
|
||||||
SiteSetting.expects(:embeddable_host).returns("eviltuna.com")
|
SiteSetting.stubs(:embeddable_host).returns("eviltuna.com")
|
||||||
topic_retriever.expects(:perform_retrieve).never
|
topic_retriever.expects(:perform_retrieve).never
|
||||||
topic_retriever.retrieve
|
topic_retriever.retrieve
|
||||||
end
|
end
|
||||||
|
@ -26,7 +26,7 @@ describe TopicRetriever do
|
||||||
|
|
||||||
context "with a valid host" do
|
context "with a valid host" do
|
||||||
before do
|
before do
|
||||||
SiteSetting.expects(:embeddable_host).returns("eviltrout.com")
|
SiteSetting.stubs(:embeddable_host).returns("eviltrout.com")
|
||||||
end
|
end
|
||||||
|
|
||||||
it "calls perform_retrieve if it hasn't been retrieved recently" do
|
it "calls perform_retrieve if it hasn't been retrieved recently" do
|
||||||
|
|
|
@ -30,6 +30,23 @@ describe SiteSetting do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "normalized_embeddable_host" do
|
||||||
|
it 'returns the `embeddable_host` value' do
|
||||||
|
SiteSetting.stubs(:embeddable_host).returns("eviltrout.com")
|
||||||
|
SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'strip http from `embeddable_host` value' do
|
||||||
|
SiteSetting.stubs(:embeddable_host).returns("http://eviltrout.com")
|
||||||
|
SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'strip https from `embeddable_host` value' do
|
||||||
|
SiteSetting.stubs(:embeddable_host).returns("https://eviltrout.com")
|
||||||
|
SiteSetting.normalized_embeddable_host.should == "eviltrout.com"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'topic_title_length' do
|
describe 'topic_title_length' do
|
||||||
it 'returns a range of min/max topic title length' do
|
it 'returns a range of min/max topic title length' do
|
||||||
SiteSetting.topic_title_length.should ==
|
SiteSetting.topic_title_length.should ==
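Review bot: The new `normalized_embeddable_host` examples cover only three well-formed values, so the early return for a blank setting is never exercised. Inputs an admin could plausibly type are also missing, such as an uppercase scheme or a trailing slash. Because this value gates embedding, I would add an example like `SiteSetting.stubs(:embeddable_host).returns(nil)` asserting the result is blank, plus one that pins the intended behaviour for `"https://eviltrout.com/"`. That way a later change to the regex cannot silently alter what the host check accepts.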
|
||||||
|
|