feat: CSP Violation ( 感叹号图标被拦截 )
@@ -98,6 +98,7 @@ func main() {
|
|||||||
r := chi.NewRouter()
|
r := chi.NewRouter()
|
||||||
r.Use(chiMiddleware.Logger)
|
r.Use(chiMiddleware.Logger)
|
||||||
r.Use(chiMiddleware.Recoverer)
|
r.Use(chiMiddleware.Recoverer)
|
||||||
|
r.Use(chiMiddleware.StripSlashes)
|
||||||
|
|
||||||
// CORS Configuration
|
// CORS Configuration
|
||||||
corsOrigins := os.Getenv("CORS_ORIGINS")
|
corsOrigins := os.Getenv("CORS_ORIGINS")
|
||||||
|
|||||||
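Review bot: The added `r.Use(chiMiddleware.StripSlashes)` has no comment recording that, as far as I know, chi's StripSlashes rewrites only the routing path (`RoutePath`) and leaves `r.URL.Path` untouched, so anything that matches on `r.URL.Path` still sees the trailing slash. That matters for any path-keyed policy in later middleware or in a reverse proxy in front of the server (auth allowlists, rate limits); none is visible in this hunk, so this is a caveat to confirm rather than a defect. I would add above the line `// StripSlashes normalises routing only; r.URL.Path keeps the trailing slash, so path-based checks must handle both forms.` The body of main() continues outside the hunk.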
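--- /dev/null
+++ b/server/internal/handler/router_test.go
@@ -0,0 +1,59 @@
+package handler_test
+
+import (
+"net/http"
+"net/http/httptest"
+"testing"
+
+"github.com/go-chi/chi/v5"
+"github.com/go-chi/chi/v5/middleware"
+)
+
+func TestRouterStripSlashes(t *testing.T) {
+r := chi.NewRouter()
+r.Use(middleware.StripSlashes)
+
+r.Route("/api/v1", func(r chi.Router) {
+r.Post("/auth/login", func(w http.ResponseWriter, r *http.Request) {
+w.WriteHeader(http.StatusOK)
+w.Write([]byte(`{"code":200}`))
+})
+})
+
+tests := []struct {
+name string
+method string
+url string
+expectedStatus int
+}{
+{
+name: "Login without trailing slash",
+method: "POST",
+url: "/api/v1/auth/login",
+expectedStatus: http.StatusOK,
+},
+{
+name: "Login with trailing slash",
+method: "POST",
+url: "/api/v1/auth/login/",
+expectedStatus: http.StatusOK,
+},
+}
+
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+req, _ := http.NewRequest(tt.method, tt.url, nil)
+rr := httptest.NewRecorder()
+r.ServeHTTP(rr, req)
+
+if rr.Code != tt.expectedStatus {
+t.Errorf("expected status %v, got %v for %s", tt.expectedStatus, rr.Code, tt.url)
+}
+
+// Check if it redirected (it shouldn't with StripSlashes middleware correctly placed)
+if rr.Code == http.StatusPermanentRedirect || rr.Code == http.StatusMovedPermanently {
+t.Errorf("got redirect %v for %s", rr.Code, tt.url)
+}
+})
+}
+}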
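Review bot: TestRouterStripSlashes builds its own chi router with a stub `/auth/login` handler, so it exercises chi's middleware rather than the router assembled in main(); it would keep passing if the `StripSlashes` line were removed from main.go or registered after the routes. Moving router construction into a function that both main() and this test call would make the test cover the real wiring. Smaller points: `req, _ := http.NewRequest(...)` discards the error and could be `req := httptest.NewRequest(tt.method, tt.url, nil)`, and the redirect check can never fail on its own, since any redirect status already fails the `rr.Code != tt.expectedStatus` comparison.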
2
web/.env
2
web/.env
@@ -1 +1 @@
|
|||||||
VITE_API_BASE_URL=http://insight.buildapp.eu.org/api/v1
|
VITE_API_BASE_URL=https://insight.buildapp.eu.org/api/v1
|
||||||
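Review bot: This tracked `web/.env` carries no comment saying that its values are public: Vite inlines every `VITE_`-prefixed variable into the client bundle, so anything placed here ships to browsers. I would add `# Public build-time value; VITE_* variables are embedded in the client bundle, keep secrets out of this file.` above the `VITE_API_BASE_URL` line. The `https://` value (read here as the new side of the hunk) only removes the mixed-content block if the page and the API both answer over TLS, which this hunk cannot show.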
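--- /dev/null
+++ b/web/src/vite-env.d.ts
@@ -0,0 +1,7 @@
+/// <reference types="vite/client" />
+
+declare module "*.vue" {
+import type { DefineComponent } from "vue";
+const component: DefineComponent<{}, {}, any>;
+export default component;
+}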