Only block domains at the final destination (#15689)
In an earlier PR, we decided that we only want to block a domain if the blocked domain in the SiteSetting is the final destination (/t/59305). That PR used `FinalDestination#get`. `resolve`, however, is used in several places but blocks domains along the redirect chain when certain options are provided.

This commit changes the default options for `resolve` to not do that. Existing users of `FinalDestination#resolve` are
- `Oneboxer#external_onebox`
- our onebox helper `fetch_html_doc`, which is used in amazon, standard embed and youtube
- these folks already go through `Oneboxer#external_onebox` which already blocks correctly
Showing 8 changed files with 101 additions and 40 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# frozen_string_literal: true | ||
|
||
module Onebox | ||
class DomainChecker | ||
def self.is_blocked?(hostname) | ||
SiteSetting.blocked_onebox_domains&.split('|').any? do |blocked| | ||
hostname == blocked || hostname.end_with?(".#{blocked}") | ||
end | ||
end | ||
end | ||
end |
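Review bot: In `is_blocked?`, the `&.` guards only `split`; Ruby does not short-circuit the rest of the chain, so when `SiteSetting.blocked_onebox_domains` is nil the following `.any?` is called on nil and raises NoMethodError instead of returning false. Use `&.split('|')&.any?` with an explicit false fallback, or return false early when the setting is blank. The comparison is also exact-case and takes `hostname` as given, so unless every caller already passes a lowercased host without a trailing dot, `API.CAT.ORG` or `api.cat.org.` would not match a blocked `api.cat.org`. Normalizing both sides inside this method, and returning false for a nil hostname (where `end_with?` would raise), keeps the blocklist decision in one place.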
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# frozen_string_literal: true | ||
|
||
require "rails_helper" | ||
|
||
describe Onebox::DomainChecker do | ||
describe '.is_blocked?' do | ||
before do | ||
SiteSetting.blocked_onebox_domains = "api.cat.org|kitten.cloud" | ||
end | ||
|
||
describe "returns true when entirely matched" do | ||
it { expect(described_class.is_blocked?("api.cat.org")).to be(true) } | ||
it { expect(described_class.is_blocked?("kitten.cloud")).to be(true) } | ||
it { expect(described_class.is_blocked?("api.dog.org")).to be(false) } | ||
it { expect(described_class.is_blocked?("puppy.cloud")).to be(false) } | ||
end | ||
|
||
describe "returns true when ends with .<domain>" do | ||
it { expect(described_class.is_blocked?("dev.api.cat.org")).to be(true) } | ||
it { expect(described_class.is_blocked?(".api.cat.org")).to be(true) } | ||
it { expect(described_class.is_blocked?("dev.kitten.cloud")).to be(true) } | ||
it { expect(described_class.is_blocked?(".kitten.cloud")).to be(true) } | ||
it { expect(described_class.is_blocked?("xapi.cat.org")).to be(false) } | ||
it { expect(described_class.is_blocked?("xkitten.cloud")).to be(false) } | ||
end | ||
end | ||
end |
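Review bot: The spec never exercises an unset or empty `blocked_onebox_domains`, which is the case the `&.` in `is_blocked?` is written for; add examples with the setting empty and assert that the result is false. The first group is titled "returns true when entirely matched", but two of its four examples (`api.dog.org`, `puppy.cloud`) assert false; moving the non-matching hosts into their own group would make the titles accurate. A mixed-case host such as `API.cat.org` deserves an example as well, so the intended case handling is pinned down either way.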
aac9f43
This commit has been mentioned on Discourse Meta. There might be relevant details there:
https://meta.discourse.org/t/users-not-able-to-login-in-when-invitation-has-expired/216814/8