Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix internals.originParser + tests to add protocol in all origin/allowOrigins values #46

Merged
merged 3 commits into from Feb 13, 2015

Conversation

@akanass
Copy link
Contributor

akanass commented Feb 12, 2015

Test case before fix

HOST => 0.0.0.0:9000
REQUEST_HOST => 127.0.0.1:9000
HOST === REQUEST_HOST => false

ORIGIN => "http://wega.demo:8080"
ALLOWS_ORIGINS => ["http://127.0.0.1:8080"]

this._origin  = origin.split(':') => ["http","//wega.demo","8080"]
this._originPort = this._origin.length === 2 ? this._origin[1] : null => null
this._originParts = this._origin[0].split('.') => ["http"]

allowOrigins[i] => http://127.0.0.1:8080

this._originAllow = allowOrigins[i].split(':') => ["http","//127.0.0.1","8080"]
this._originAllowPort = this._originAllow.length === 2 ? this._originAllow[1] : null => null
this._originAllowParts = this._originAllow[0].split('.') => ["http"]

this._originAllowParts[j] => http
this._originParts[j] => http

this._originAllowParts[j] === '*' => false
this._originAllowParts[j] === this._originParts[j] => true

MATCH => true

RETURN MATCH => true

We can see that we have differences between origin and allowOrigins but method returns true - failed

Test case after fix

HOST => 0.0.0.0:9000
REQUEST_HOST => 127.0.0.1:9000
HOST === REQUEST_HOST => false

ORIGIN => "http://wega.demo:8080"
ALLOWS_ORIGINS => ["http://127.0.0.1:8080"]

this._origin  = origin.split(':') => ["http","//wega.demo","8080"]
this._originPort = this._origin.length === 3 ? this._origin[2] : null => "8080"
this._originParts = this._origin[1].split('.') => ["//wega","demo"]

allowOrigins[i] => http://127.0.0.1:8080

this._originAllow = allowOrigins[i].split(':') => ["http","//127.0.0.1","8080"]
this._originAllowPort = this._originAllow.length === 3 ? this._originAllow[2] : null => "8080"
this._originAllowParts = this._originAllow[1].split('.') => ["//127","0","0","1"]

this._originAllowParts[j] => //127
this._originParts[j] => //wega

this._originAllowParts[j] === '//*' => false
this._originAllowParts[j] === this._originParts[j] => false

MATCH => false

END METHOD - RETURN MATCH => false

With the fix, result is correct because method returns false - correct

Thanks to add this fix in your plugin ASAP because I think is a very important issue.

Best regards.

akanass added 3 commits Feb 12, 2015
### Test case before fix
```javascript
HOST => 0.0.0.0:9000
REQUEST_HOST => 127.0.0.1:9000
HOST === REQUEST_HOST => false

ORIGIN => "http://wega.demo:8080"
ALLOWS_ORIGINS => ["http://127.0.0.1:8080"]

this._origin  = origin.split(':') => ["http","//wega.demo","8080"]
this._originPort = this._origin.length === 2 ? this._origin[1] : null => null
this._originParts = this._origin[0].split('.') => ["http"]

allowOrigins[i] => http://127.0.0.1:8080

this._originAllow = allowOrigins[i].split(':') => ["http","//127.0.0.1","8080"]
this._originAllowPort = this._originAllow.length === 2 ? this._originAllow[1] : null => null
this._originAllowParts = this._originAllow[0].split('.') => ["http"]

this._originAllowParts[j] => http
this._originParts[j] => http

this._originAllowParts[j] === '*' => false
this._originAllowParts[j] === this._originParts[j] => true

MATCH => true

RETURN MATCH => true
```

We can see that we have difference between `origin` and `allowOrigins` but method returns `true` - `failed`

### Test case after fix
```javascript
HOST => 0.0.0.0:9000
REQUEST_HOST => 127.0.0.1:9000
HOST === REQUEST_HOST => false

ORIGIN => "http://wega.demo:8080"
ALLOWS_ORIGINS => ["http://127.0.0.1:8080"]

this._origin  = origin.split(':') => ["http","//wega.demo","8080"]
this._originPort = this._origin.length === 3 ? this._origin[2] : null => "8080"
this._originParts = this._origin[1].split('.') => ["//wega","demo"]

allowOrigins[i] => http://127.0.0.1:8080

this._originAllow = allowOrigins[i].split(':') => ["http","//127.0.0.1","8080"]
this._originAllowPort = this._originAllow.length === 3 ? this._originAllow[2] : null => "8080"
this._originAllowParts = this._originAllow[1].split('.') => ["//127","0","0","1"]

this._originAllowParts[j] => //127
this._originParts[j] => //wega

this._originAllowParts[j] === '*' => false
this._originAllowParts[j] === this._originParts[j] => false

MATCH => false

END METHOD - RETURN MATCH => false
```

With the `fix`, result is correct because method returns `false` - `correct`

Thanks to add this fix in your plugin ASAP because I think is a very important issue.

Best regards.
fix internals.originParser
@stongo stongo added this to the 4.0.2 milestone Feb 13, 2015
@stongo stongo added the bug label Feb 13, 2015
stongo added a commit that referenced this pull request Feb 13, 2015
fix internals.originParser + tests to add protocol in all origin/allowOrigins values
@stongo stongo merged commit e62cc61 into hapijs:master Feb 13, 2015
1 check passed
1 check passed
continuous-integration/travis-ci The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.