/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
define([
'intern',
'intern!object',
'intern/chai!assert',
'intern/dojo/node!../../server/lib/configuration',
'intern/dojo/node!request',
'intern/dojo/node!url'
], function (intern, registerSuite, assert, config, request, url) {
'use strict';

// Base URL of the content server under test, with any trailing slash removed
// so that routes (which all start with "/") can be appended directly.
var httpsUrl = intern.config.fxaContentRoot.replace(/\/$/, '');

// Plain-HTTP address of the same server; used to exercise the http -> https
// redirect for every route.
var httpUrl;

if (!intern.config.fxaProduction) {
  // Outside production the HTTP listener is reached by replacing the first
  // occurrence of the configured `port` value in the URL with `http_port`.
  httpUrl = httpsUrl.replace(config.get('port'), config.get('http_port'));
} else {
  // A production content root that is not https fails the run up front.
  assert.equal(0, httpsUrl.indexOf('https://'), 'uses https scheme');
  httpUrl = httpsUrl.replace('https://', 'http://');
}

// Intern suite object; one test function per route and scheme is attached to
// it by routeTest before it is registered.
var suite = {};
suite.name = 'front end routes';

// route -> expectation. `statusCode` is the status the final response must
// carry; `headerAccept` overrides the default `text/html` Accept header.
// Insertion order is kept as-is because it is the order tests are registered.
var routes = {};

routes['/config'] = { statusCode: 200, headerAccept: 'application/json' };

[
  '/signin',
  '/signup',
  '/signup_complete',
  '/confirm',
  '/settings',
  '/settings/avatar',
  '/settings/avatar/change',
  '/settings/avatar/gravatar',
  '/settings/avatar/camera',
  '/settings/avatar/crop',
  '/change_password',
  '/legal',
  '/legal/terms',
  '/legal/privacy',
  '/cannot_create_account',
  '/verify_email',
  '/reset_password',
  '/confirm_reset_password',
  '/complete_reset_password',
  '/reset_password_complete',
  '/delete_account',
  '/force_auth'
].forEach(function (page) {
  routes[page] = { statusCode: 200 };
});

routes['/ver.json'] = { statusCode: 200, headerAccept: 'application/json' };
routes['/cookies_disabled'] = { statusCode: 200 };

// Static error pages are only expected when `are_dist_resources` is set.
if (config.get('are_dist_resources')) {
  routes['/500.html'] = { statusCode: 200 };
  routes['/503.html'] = { statusCode: 200 };
}

// Routes exercised only against non-production servers: the front end test
// runner pages plus the 500 and 404 paths.
if (!intern.config.fxaProduction) {
  routes['/tests/index.html'] = { statusCode: 200 };
  routes['/tests/index.html?coverage'] = { statusCode: 200 };
  routes['/boom'] = { statusCode: 500 };
  routes['/non_existent'] = { statusCode: 404 };
  routes['/legal/non_existent'] = { statusCode: 404 };
  routes['/en-US/legal/non_existent'] = { statusCode: 404 };
}

// Routes that checkHeaders requires to be served WITHOUT an X-Frame-Options
// header; every other route must carry one. Matching is by exact route string.
var iframeAllowedRoutes = [
  '/legal/terms',
  '/legal/privacy'
];
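/**
 * Register two tests on `suite` for one route: a GET against the https base
 * URL and a GET against the http base URL.
 *
 * Each test checks the security headers (via checkHeaders) and the status
 * code of the response handed to the callback.
 *
 * @param {string} route - path appended to the base URL, e.g. "/signin"
 * @param {number} expectedStatusCode - status the response must carry
 * @param {Object} requestOptions - options passed straight to `request`
 */
function routeTest(route, expectedStatusCode, requestOptions) {
  // Attach one test to the suite; the test name is label + full URL.
  function registerGet(label, baseUrl) {
    suite[label + baseUrl + route] = function () {
      var dfd = this.async(intern.config.asyncTimeout);

      request(baseUrl + route, requestOptions, dfd.callback(function (err, res) {
        // A transport failure (connection refused, TLS error, ...) leaves
        // `res` undefined. Rethrow the real error so the test report shows
        // the cause instead of a TypeError from reading `res.headers`.
        if (err) {
          throw err;
        }

        checkHeaders(route, res);
        assert.equal(res.statusCode, expectedStatusCode);
        // NOTE(review): dfd.callback is given a second argument here; confirm
        // the Intern version in use accepts one.
      }, dfd.reject.bind(dfd)));
    };
  }

  registerGet('#https get ', httpsUrl);

  // test to ensure http->https redirection works as expected.
  // `request` follows redirects by default, so the assertions run against the
  // final response. NOTE(review): nothing here asserts that the final URL is
  // https; the Strict-Transport-Security check in checkHeaders is the only
  // indirect signal.
  registerGet('#http get ', httpUrl);
}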
// Turn every entry of the route table into an https test and an http test.
Object.keys(routes).forEach(function (path) {
  var expectation = routes[path];

  routeTest(path, expectation.statusCode, {
    headers: {
      // Routes without an explicit `headerAccept` are requested as HTML.
      'Accept': expectation.headerAccept || 'text/html'
    }
  });
});

// checkHeaders is declared further down; function declarations are hoisted,
// so it is already callable when the registered tests run.
registerSuite(suite);
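/**
 * Assert that a response carries the security headers expected for `route`.
 *
 * Checks, in order: X-Frame-Options (absent on iframe-allowed routes, present
 * everywhere else), Content-Security-Policy (report-only variant in
 * production, enforcing variant in development), X-Content-Type-Options and
 * Strict-Transport-Security.
 *
 * Coverage gaps worth knowing when reading a green run:
 *  - X-Frame-Options and the CSP headers are checked for presence only, not
 *    for their value.
 *  - In production only `content-security-policy-report-only` is required,
 *    which reports violations but does not block them.
 *  - When the server is neither production nor `env === 'development'`, no
 *    CSP assertion is made at all.
 *  - The HSTS check accepts any `max-age=` value, including `max-age=0`,
 *    which instructs browsers to drop the HSTS entry.
 *
 * @param {string} route - route that was requested (may include a query string)
 * @param {Object} res - response object; only `res.headers` is read
 * @throws an assertion error naming the route and header on the first mismatch
 */
function checkHeaders(route, res) {
  var headers = res.headers;

  // Own-property test that does not depend on the header map inheriting from
  // Object.prototype.
  function hasHeader(name) {
    return Object.prototype.hasOwnProperty.call(headers, name);
  }

  if (iframeAllowedRoutes.indexOf(route) >= 0) {
    // These routes are meant to be embeddable, so the header must be absent.
    assert.notOk(hasHeader('x-frame-options'),
      'x-frame-options must not be set on ' + route);
  } else {
    assert.ok(hasHeader('x-frame-options'),
      'x-frame-options must be set on ' + route);
  }

  if (intern.config.fxaProduction) {
    assert.ok(hasHeader('content-security-policy-report-only'),
      'content-security-policy-report-only must be set on ' + route);
  } else if (config.get('env') === 'development' &&
      // the front end tests do not get CSP headers.
      url.parse(route).pathname !== '/tests/index.html') {
    assert.ok(hasHeader('content-security-policy'),
      'content-security-policy must be set on ' + route);
  }

  assert.equal(headers['x-content-type-options'], 'nosniff',
    'x-content-type-options must be nosniff on ' + route);
  assert.include(headers['strict-transport-security'], 'max-age=',
    'strict-transport-security must carry max-age on ' + route);
}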
});