feat: CSP Violation ( 感叹号图标被拦截 )

2026-03-03 00:47:39 +08:00
parent 50bd2925c1
commit 235fc9c87f
4 changed files with 68 additions and 1 deletions
--- a/server/cmd/server/main.go
+++ b/server/cmd/server/main.go
@@ -98,6 +98,7 @@ func main() {
 	r := chi.NewRouter()
 	r.Use(chiMiddleware.Logger)
 	r.Use(chiMiddleware.Recoverer)
+	r.Use(chiMiddleware.StripSlashes)

 	// CORS Configuration
 	corsOrigins := os.Getenv("CORS_ORIGINS")
--- a/server/internal/handler/router_test.go
+++ b/server/internal/handler/router_test.go
@@ -0,0 +1,59 @@
+package handler_test
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+)
+
+func TestRouterStripSlashes(t *testing.T) {
+	r := chi.NewRouter()
+	r.Use(middleware.StripSlashes)
+
+	r.Route("/api/v1", func(r chi.Router) {
+		r.Post("/auth/login", func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+			w.Write([]byte(`{"code":200}`))
+		})
+	})
+
+	tests := []struct {
+		name           string
+		method         string
+		url            string
+		expectedStatus int
+	}{
+		{
+			name:           "Login without trailing slash",
+			method:         "POST",
+			url:            "/api/v1/auth/login",
+			expectedStatus: http.StatusOK,
+		},
+		{
+			name:           "Login with trailing slash",
+			method:         "POST",
+			url:            "/api/v1/auth/login/",
+			expectedStatus: http.StatusOK,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			req, _ := http.NewRequest(tt.method, tt.url, nil)
+			rr := httptest.NewRecorder()
+			r.ServeHTTP(rr, req)
+
+			if rr.Code != tt.expectedStatus {
+				t.Errorf("expected status %v, got %v for %s", tt.expectedStatus, rr.Code, tt.url)
+			}
+			
+			// Check if it redirected (it shouldn't with StripSlashes middleware correctly placed)
+			if rr.Code == http.StatusPermanentRedirect || rr.Code == http.StatusMovedPermanently {
+				t.Errorf("got redirect %v for %s", rr.Code, tt.url)
+			}
+		})
+	}
+}
--- a/web/.env
+++ b/web/.env
@@ -1 +1 @@
-VITE_API_BASE_URL=http://insight.buildapp.eu.org/api/v1
+VITE_API_BASE_URL=https://insight.buildapp.eu.org/api/v1
--- a/web/src/vite-env.d.ts
+++ b/web/src/vite-env.d.ts
@@ -0,0 +1,7 @@
+/// <reference types="vite/client" />
+
+declare module "*.vue" {
+    import type { DefineComponent } from "vue";
+    const component: DefineComponent<{}, {}, any>;
+    export default component;
+}