fix homepage storefront proxy and CSP
Build & Deploy / Build & Push Docker Image (push) Successful in 2m50s
Test / Type Check (all packages) (push) Successful in 52s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 54s
Test / Homepage Unit Tests (push) Successful in 44s
Test / Storefront Unit Tests (push) Successful in 41s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m0s
Build & Deploy / Build & Push Docker Image (push) Successful in 2m50s
Test / Type Check (all packages) (push) Successful in 52s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 54s
Test / Homepage Unit Tests (push) Successful in 44s
Test / Storefront Unit Tests (push) Successful in 41s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m0s
This commit is contained in:
@@ -12,7 +12,9 @@ describe('CSP foundation', () => {
|
||||
it('allows required runtime evaluation without enabling development-only sources', () => {
|
||||
expect(buildContentSecurityPolicy('abc', true)).toContain("'unsafe-eval'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).toContain("'unsafe-eval'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).toContain("'nonce-abc'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).toContain("'unsafe-inline'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).not.toContain("'strict-dynamic'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).not.toContain("'nonce-abc'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).toContain(
|
||||
"style-src 'self' 'unsafe-inline'",
|
||||
);
|
||||
|
||||
@@ -0,0 +1,71 @@
|
||||
import { beforeEach, describe, expect, it, vi } from 'vitest';
|
||||
|
||||
const nextServer = vi.hoisted(() => {
|
||||
const next = vi.fn((init?: { request?: { headers?: Headers } }) => ({
|
||||
kind: 'next',
|
||||
init,
|
||||
cookies: {
|
||||
set: vi.fn(),
|
||||
},
|
||||
headers: new Headers(),
|
||||
}));
|
||||
const redirect = vi.fn((url: URL) => ({
|
||||
kind: 'redirect',
|
||||
url: url.toString(),
|
||||
cookies: {
|
||||
set: vi.fn(),
|
||||
},
|
||||
headers: new Headers(),
|
||||
}));
|
||||
return { next, redirect };
|
||||
});
|
||||
|
||||
vi.mock('next/server', () => ({
|
||||
NextResponse: {
|
||||
next: nextServer.next,
|
||||
redirect: nextServer.redirect,
|
||||
},
|
||||
}));
|
||||
|
||||
function cloneableUrl(input: string): URL {
|
||||
const url = new URL(input);
|
||||
(url as URL & { clone: () => URL }).clone = () => cloneableUrl(url.toString());
|
||||
return url;
|
||||
}
|
||||
|
||||
function request(input: string) {
|
||||
return {
|
||||
nextUrl: cloneableUrl(input),
|
||||
cookies: {
|
||||
get: vi.fn(),
|
||||
},
|
||||
headers: new Headers(),
|
||||
};
|
||||
}
|
||||
|
||||
beforeEach(() => {
|
||||
nextServer.next.mockClear();
|
||||
nextServer.redirect.mockClear();
|
||||
});
|
||||
|
||||
describe('homepage proxy app boundaries', () => {
|
||||
it('does not localize storefront proxy paths', async () => {
|
||||
const { proxy } = await import('@/proxy');
|
||||
|
||||
const response = proxy(request('https://rentaldrivego.ma/storefront/en') as never) as any;
|
||||
|
||||
expect(response.kind).toBe('next');
|
||||
expect(nextServer.redirect).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('redirects locale-prefixed storefront paths back to the storefront proxy mount', async () => {
|
||||
const { proxy } = await import('@/proxy');
|
||||
|
||||
const response = proxy(request('https://rentaldrivego.ma/en/storefront/en') as never) as any;
|
||||
|
||||
expect(response).toMatchObject({
|
||||
kind: 'redirect',
|
||||
url: 'https://rentaldrivego.ma/storefront/en',
|
||||
});
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user