]> sipb.mit.edu Git - ikiwiki.git/blobdiff - t/relativity.t
sipb-www / ikiwiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Avoid mixed content when cgiurl is https but url is not
[ikiwiki.git] / t / relativity.t
diff --git a/t/relativity.t b/t/relativity.t
index 0f7d014c578f416f5e6760b515da189ba991bf04..675efc903e58626ac94d017333af8aa9d9ba86b2 100755 (executable)
--- a/t/relativity.t
+++ b/t/relativity.t
@@ -227,13 +227,10 @@ run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
        $ENV{HTTPS} = 'on';
 });
 %bits = parse_cgi_content($content);
-TODO: {
-local $TODO = "avoid mixed content";
 like($bits{basehref}, qr{^https://static.example.com/$});
 like($bits{stylehref}, qr{^(?:(?:https:)?//static.example.com)?/style.css$});
 like($bits{tophref}, qr{^(?:https:)?//static.example.com/$});
 like($bits{cgihref}, qr{^(?:(?:https:)?//cgi.example.com)?/ikiwiki.cgi$});
-}
 
 # when accessed via a different hostname, links to the CGI (only) should
 # stay on that host?
@@ -243,12 +240,12 @@ run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub {
        $ENV{SERVER_PORT} = '80';
        $ENV{SCRIPT_NAME} = '/ikiwiki.cgi';
        $ENV{HTTP_HOST} = 'staging.example.net';
-       $ENV{HTTPS} = 'on';
        $ENV{CONTENT_LENGTH} = length $in;
 });
-like($bits{basehref}, qr{^http://static.example.com/$});
-like($bits{stylehref}, qr{^(?:(?:http:)?//static.example.com)?/style.css$});
-like($bits{tophref}, qr{^(?:http:)?//static.example.com/$});
+%bits = parse_cgi_content($content);
+like($bits{basehref}, qr{^http://static.example.com/a/b/c/$});
+like($bits{stylehref}, qr{^(?:(?:http:)?//static.example.com|\.\./\.\./\.\.)/style.css$});
+like($bits{tophref}, qr{^(?:(?:http:)?//static.example.com|\.\./\.\./\.\.)/$});
 TODO: {
 local $TODO = "use self-referential CGI URL?";
 like($bits{cgihref}, qr{^(?:(?:http:)?//staging.example.net)?/ikiwiki.cgi$});
@@ -410,12 +407,9 @@ run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
        $ENV{HTTPS} = 'on';
 });
 %bits = parse_cgi_content($content);
-TODO: {
-local $TODO = "avoid mixed content";
 is($bits{basehref}, "https://example.com/wiki/");
 like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
 like($bits{tophref}, qr{^(?:/wiki|\.)/$});
-}
 like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
 
 # when not accessed via HTTPS, ???
@@ -442,11 +436,13 @@ run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
        $ENV{HTTPS} = 'on';
 });
 %bits = parse_cgi_content($content);
+# because the static and dynamic stuff is on the same server, we assume that
+# both are also on the staging server
+like($bits{basehref}, qr{^https://staging.example.net/wiki/$});
+like($bits{stylehref}, qr{^(?:(?:https:)?//staging.example.net)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:(?:(?:https:)?//staging.example.net)?/wiki|\.)/$});
 TODO: {
-local $TODO = "avoid mixed content";
-like($bits{basehref}, qr{^https://example.com/wiki/$});
-like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
-like($bits{tophref}, qr{^(?:(?:(?:https:)?//example.com)?/wiki|\.)/$});
+local $TODO = "this should really point back to itself but currently points to example.com";
 like($bits{cgihref}, qr{^(?:(?:https:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$});
 }
 
@@ -461,11 +457,8 @@ run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub {
        $ENV{HTTPS} = 'on';
 });
 %bits = parse_cgi_content($content);
-TODO: {
-local $TODO = "avoid mixed content";
 is($bits{basehref}, "https://example.com/wiki/a/b/c/");
 like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
-}
 like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$});
 like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
 
wiki compiler