From 3c5ddf719e78acbe66d0896b9d0d013d9e02279b Mon Sep 17 00:00:00 2001
From: Scott Gress
Date: Thu, 10 Nov 2016 18:22:11 -0600
Subject: [PATCH] Add "skipAssets" regex to default "routesDisabled" array for sessions
---
 lib/hooks/session/index.js | 2 +-
 test/integration/middleware.session.test.js | 56 +++++++++++++++++++--
 2 files changed, 52 insertions(+), 6 deletions(-)
diff --git a/lib/hooks/session/index.js b/lib/hooks/session/index.js
index 5a28c0a77c..5fd2b7931c 100644
--- a/lib/hooks/session/index.js
+++ b/lib/hooks/session/index.js
@@ -44,7 +44,7 @@ module.exports = function(app) {
 session: {
 adapter: 'memory',
 key: 'sails.sid',
- routesDisabled: []
+ routesDisabled: ['GET r|^[^?]*/[^?/]+\\.[^?/]+(\\?.*)?$|']
 }
 },
diff --git a/test/integration/middleware.session.test.js b/test/integration/middleware.session.test.js
index 780c33d1d2..4abc82258e 100644
--- a/test/integration/middleware.session.test.js
+++ b/test/integration/middleware.session.test.js
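Review bot: The new default entry in `routesDisabled` matches any GET request whose last path segment contains a dot, which is wider than the files served by the static middleware: a GET route that serves per-user content under a dotted name (a generated `report.pdf`, a username such as `jane.doe`) would match as well. Judging by the tests in this patch, a match means no session cookie is issued, so a policy on such a route that reads `req.session` would presumably find no session; whether that fails closed depends on the application. The default deserves a comment at its definition that says so and names the opt-out, for example `// Sessions are skipped for GET requests whose last path segment looks like a file name (has an extension); override sails.config.session.routesDisabled if a dynamic route matches.` The enclosing `module.exports` function continues outside this hunk.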
@@ -120,8 +120,54 @@ describe('middleware :: ', function() {
 });
+ describe('requesting a route listed in sails.config.session.routesDisabled (with default settings)', function() {
- describe('requesting a route listed in sails.config.session.routesDisabled', function() {
+ // Lift a Sails instance in production mode
+ var app = Sails();
+ before(function (done){
+ app.lift({
+ globals: false,
+ port: 1535,
+ environment: 'development',
+ log: {level: 'silent'},
+ session: {
+ secret: 'abc123'
+ },
+ hooks: {grunt: false},
+ routes: {
+ '/sails.io.js': function(req, res) {
+ return res.status(200).send();
+ }
+ }
+ }, done);
+ });
+
+ describe('static asset', function() {
+
+ it('there should be no `set-cookie` header in the response', function(done) {
+
+ request(
+ {
+ method: 'GET',
+ uri: 'http://localhost:1535/sails.io.js',
+ },
+ function(err, response, body) {
+ assert.equal(response.statusCode, 200);
+ assert(_.isUndefined(response.headers['set-cookie']));
+ return done();
+ }
+ );
+ });
+
+ });
+
+ after(function(done) {
+ return app.lower(done);
+ });
+
+ });
+
+ describe('requesting a route listed in sails.config.session.routesDisabled (custom settings)', function() {
 // Lift a Sails instance in production mode
 var app = Sails();
@@ -133,7 +179,7 @@ describe('middleware :: ', function() {
 log: {level: 'silent'},
 session: {
 secret: 'abc123',
- routesDisabled: ['/test', '/foo/:id/bar/', 'POST /bar', 'ALL /baz', 'GET r|^[^?]*/[^?/]+\\.[^?/]+(\\?.*)?$|']
+ routesDisabled: ['/test', '/foo/:id/bar/', 'POST /bar', 'ALL /baz']
 },
 hooks: {grunt: false},
 routes: {
@@ -279,9 +325,9 @@ describe('middleware :: ', function() {
 });
- describe('regex path', function() {
+ describe('static asset', function() {
- it('there should be no `set-cookie` header in the response', function(done) {
+ it('there SHOULD be a `set-cookie` header in the response', function(done) {
 request(
 {
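Review bot: The new default-settings block asserts only the matching case (`GET /sails.io.js` gets no cookie), and nothing pins what the default pattern must not catch. I would add one request to an extensionless route and one non-GET request to a dotted path in the same `describe`, each ending in `assert(response.headers['set-cookie']);`, so that a later loosening of the pattern cannot silently drop sessions from application routes. A case lifted with `routesDisabled: []` would also be worth having, since it is not visible here whether a user-supplied array replaces the default or is merged with it. The new `request` callback reads `response.statusCode` without looking at `err`; `if (err) { return done(err); }` as its first line gives a readable failure when the request itself fails. The copied comment says "production mode" while the config sets `environment: 'development'`.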
@@ -290,7 +336,7 @@ describe('middleware :: ', function() {
 },
 function(err, response, body) {
 assert.equal(response.statusCode, 200);
- assert(_.isUndefined(response.headers['set-cookie']));
+ assert(response.headers['set-cookie']);
 return done();
 }
 );