From ed34010b435659eeaaae771b5a9add5106be8139 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Fri, 17 Feb 2012 11:03:05 -0700
Subject: [PATCH] explicitly disable serving of unit test templates and all resources under /test in staging or prod envs. issue #1044
---
 lib/browserid/views.js | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/lib/browserid/views.js b/lib/browserid/views.js
index fb6170593..42810d861 100644
--- a/lib/browserid/views.js
+++ b/lib/browserid/views.js
@@ -10,7 +10,8 @@ fs = require('fs'),
 connect = require('connect'),
 config = require('../configuration.js'),
 und = require('underscore'),
-util = require('util');
+util = require('util'),
+httputils = require('../httputils.js');
 // all templated content, redirects, and renames are handled here.
 // anything that is not an api, and not static
@@ -154,18 +155,19 @@ exports.setup = function(app) {
 renderCachableView(req, res, 'add_email_address.ejs', {title: 'Verify Email Address', fullpage: false});
 });
- /**
- *
- * XXX benadida or lloyd, I tried to use straight up regexp to do this, but.
- * is there a better way to do this?
- */
- function QUnit(req, res) {
- res.render('test.ejs', {title: 'BrowserID QUnit Test', layout: false});
+ // serve up testing templates. but NOT in staging or production. see GH-1044
+ if ([ 'https://browserid.org', 'https://diresworb.org' ].indexOf(config.get('public_url')) === -1) {
+ // serve test.ejs to /test or /test/ or /test/index.html
+ app.get(/^\/test\/?(?:index.html)?$/, function (req, res) {
+ res.render('test.ejs', {title: 'BrowserID QUnit Test', layout: false});
+ });
+ } else {
+ // this is stage or production, explicitly disable all resources under /test
+ app.get(/^\/test/, function(req, res) {
+ httputils.notFound("Cannot " + req.method + " " + req.url);
+ });
 }
- app.get("/test", QUnit);
- app.get("/test/index.html", QUnit);
-
 // REDIRECTS
 REDIRECTS = {
 "/manage": "/",
--
GitLab
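Review bot: In the `else` branch (staging/production) the handler calls `httputils.notFound("Cannot " + req.method + " " + req.url)` without `res`, and nothing else in that handler writes a response; httputils.js is not shown, but if `notFound` takes the response object first the blocked request will error or hang rather than return 404, so this probably wants `httputils.notFound(res, "Cannot " + req.method + " " + req.url);`. The environment test is a deny list that fails open: test routes are switched off only when `public_url` exactly equals one of the two hard-coded origins, so a deployment under any other value keeps serving `test.ejs`; enabling them only on an explicit development setting and making the blocking branch the default would fail closed. The blocking pattern `/^\/test/` is registered with `app.get` only and also matches unrelated paths that merely begin with `/test`; `/^\/test(?:\/|$)/` would scope it to the directory. `exports.setup` begins and ends outside this hunk, so whether a static handler serves `/test` files before this route is reached cannot be checked here.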