Permalink
Browse files

more static() tests

  • Loading branch information...
1 parent b670c05 commit f36abf5b659200fa5e7984b5be477315a0b64f3d @tj tj committed Nov 12, 2011
Showing with 32 additions and 1 deletion.
  1. +1 −0 test/fixtures/.hidden
  2. +31 −1 test/static.js
View
@@ -0,0 +1 @@
+I am hidden
View
@@ -58,13 +58,43 @@ describe('connect.static()', function(){
.get('/users/../todo.txt')
.expect('- groceries', done);
})
-
+
+ it('should support HEAD', function(done){
+ app.request()
+ .head('/todo.txt')
+ .expect('', done);
+ })
+
+ describe('hidden files', function(){
+ it('should be ignored by default', function(done){
+ app.request()
+ .get('/.hidden')
+ .expect(404, done);
+ })
+
+ it('should be served when hidden: true is given', function(done){
+ var app = connect();
+
+ app.use(connect.static(fixtures, { hidden: true }));
+
+ app.request()
+ .get('/.hidden')
+ .expect('I am hidden', done);
+ })
+ })
+
describe('when traversing passed root', function(){
it('should respond with 403 Forbidden', function(done){
app.request()
.get('/users/../../todo.txt')
.expect(403, done);
})
+
+ it('should catch urlencoded ../', function(done){
+ app.request()
+ .get('/users/%2e%2e/%2e%2e/todo.txt')
+ .expect(403, done);
+ })
})
describe('on ENOENT', function(){

0 comments on commit f36abf5

Please sign in to comment.