Remove obsolete dapps and update security headers (#2694)

* Embed allowed only on signer port

* Adding security headers to dapps

* Adding security headers to signer

* Removing old dapps
Tomasz Drwięga
2016-10-19 11:02:21 +02:00
committed by Gav Wood
parent 487dfb0208
commit 5e67c89b4b
18 changed files with 123 additions and 93 deletions


@@ -14,7 +14,7 @@
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use tests::helpers::{serve, serve_with_registrar, request};
use tests::helpers::{serve, serve_with_registrar, request, assert_security_headers};
#[test]
fn should_return_error() {
@@ -36,6 +36,7 @@ fn should_return_error() {
assert_eq!(response.status, "HTTP/1.1 404 Not Found".to_owned());
assert_eq!(response.headers.get(0).unwrap(), "Content-Type: application/json");
assert_eq!(response.body, format!("58\n{}\n0\n\n", r#"{"code":"404","title":"Not Found","detail":"Resource you requested has not been found."}"#));
assert_security_headers(&response.headers);
}
#[test]
@@ -58,6 +59,7 @@ fn should_serve_apps() {
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
assert_eq!(response.headers.get(0).unwrap(), "Content-Type: application/json");
assert!(response.body.contains("Parity Home Screen"), response.body);
assert_security_headers(&response.headers);
}
#[test]
@@ -80,6 +82,7 @@ fn should_handle_ping() {
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
assert_eq!(response.headers.get(0).unwrap(), "Content-Type: application/json");
assert_eq!(response.body, "0\n\n".to_owned());
assert_security_headers(&response.headers);
}
@@ -101,5 +104,6 @@ fn should_try_to_resolve_dapp() {
// then
assert_eq!(response.status, "HTTP/1.1 404 Not Found".to_owned());
assert_eq!(registrar.calls.lock().len(), 2);
assert_security_headers(&response.headers);
}


@@ -14,7 +14,7 @@
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use tests::helpers::{serve_with_auth, request};
use tests::helpers::{serve_with_auth, request, assert_security_headers};
#[test]
fn should_require_authorization() {
@@ -76,4 +76,5 @@ fn should_allow_on_valid_auth() {
// then
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
assert_security_headers(&response.headers);
}
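Review bot: Only the successful-auth path gets the new check in this file: the two hunks touch the import and `should_allow_on_valid_auth`, so `should_require_authorization` (visible as context after the import) still passes without asserting the headers. The rejected-credential response is the one an unauthenticated caller actually receives, so it is worth adding `assert_security_headers(&response.headers);` after its status assertion too. The same gap shows in the redirection tests further down, where `should_redirect_to_home` is left unchanged while the 404 and 200 cases are covered. The bodies of those tests lie outside the hunks, so confirm that those responses are meant to carry the headers before asserting on them.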


@@ -14,7 +14,7 @@
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use tests::helpers::{serve_with_registrar, request};
use tests::helpers::{serve_with_registrar, request, assert_security_headers};
#[test]
fn should_resolve_dapp() {
@@ -34,5 +34,6 @@ fn should_resolve_dapp() {
// then
assert_eq!(response.status, "HTTP/1.1 404 Not Found".to_owned());
assert_eq!(registrar.calls.lock().len(), 2);
assert_security_headers(&response.headers);
}


@@ -92,3 +92,7 @@ pub fn serve() -> Server {
pub fn request(server: Server, request: &str) -> http_client::Response {
http_client::request(server.addr(), request)
}
pub fn assert_security_headers(headers: &[String]) {
http_client::assert_security_headers_present(headers)
}
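Review bot: `assert_security_headers` is a new public test helper with no doc comment, and this hunk does not show which headers or values `http_client::assert_security_headers_present` actually checks. The commit message says embedding is allowed only on the signer port, so if the delegate tests presence alone (as its name suggests), a dapps response with a permissive framing value would still pass. Consider asserting the expected value per server, or at least documenting the limit. A suggested comment is `/// Asserts that headers contains the security headers expected on every dapps response; delegates to http_client::assert_security_headers_present.`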


@@ -14,7 +14,7 @@
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use tests::helpers::{serve, request};
use tests::helpers::{serve, request, assert_security_headers};
#[test]
fn should_redirect_to_home() {
@@ -74,6 +74,7 @@ fn should_display_404_on_invalid_dapp() {
// then
assert_eq!(response.status, "HTTP/1.1 404 Not Found".to_owned());
assert!(response.body.contains("href=\"/home/"));
assert_security_headers(&response.headers);
}
#[test]
@@ -94,6 +95,7 @@ fn should_display_404_on_invalid_dapp_with_domain() {
// then
assert_eq!(response.status, "HTTP/1.1 404 Not Found".to_owned());
assert!(response.body.contains("href=\"http://home.parity/"));
assert_security_headers(&response.headers);
}
#[test]
@@ -160,6 +162,7 @@ fn should_serve_proxy_pac() {
// then
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
assert_eq!(response.body, "86\n\nfunction FindProxyForURL(url, host) {\n\tif (shExpMatch(host, \"*.parity\"))\n\t{\n\t\treturn \"PROXY 127.0.0.1:8080\";\n\t}\n\n\treturn \"DIRECT\";\n}\n\n0\n\n".to_owned());
assert_security_headers(&response.headers);
}
#[test]
@@ -181,5 +184,6 @@ fn should_serve_utils() {
// then
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
assert_eq!(response.body.contains("function(){"), true);
assert_security_headers(&response.headers);
}