From a0ca79868b4c55100e7e6bfe1b107faaca2941ad Mon Sep 17 00:00:00 2001 From: Mark Peace Date: Thu, 5 May 2016 10:26:24 +0100 Subject: [PATCH] Respect whitelisted remote guides hosts from server regardless of server edition --- app/scripts/init/commandInterpreters.coffee | 2 +- lib/helpers.coffee | 8 ++++---- test/spec/other/utils.coffee | 20 ++++++++------------ 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/app/scripts/init/commandInterpreters.coffee b/app/scripts/init/commandInterpreters.coffee index 3408ab3bdd6..5f39f0a40fc 100644 --- a/app/scripts/init/commandInterpreters.coffee +++ b/app/scripts/init/commandInterpreters.coffee @@ -129,7 +129,7 @@ angular.module('neo4jApp') is_remote = yes url = input[('play'.length+2)..] host = url.match(/^(https?:\/\/[^\/]+)/)[1] - host_ok = Utils.hostIsAllowed host, $rootScope.kernel['browser.remote_content_hostname_whitelist'], $rootScope.neo4j.enterpriseEdition + host_ok = Utils.hostIsAllowed host, $rootScope.kernel['browser.remote_content_hostname_whitelist'] else topic = topicalize(clean_url) or 'start' url = "content/guides/#{topic}.html" diff --git a/lib/helpers.coffee b/lib/helpers.coffee index cc9e9d21825..e7ffd60c1a9 100644 --- a/lib/helpers.coffee +++ b/lib/helpers.coffee @@ -142,10 +142,10 @@ class neo.helpers @stripNGAttributes = (string = '') -> string.replace(/(\s+(ng|data|x)[^\s=]*\s*=\s*("[^"]*"|'[^']*'|[\w\-.:]+\s*))/ig, '') - @hostIsAllowed = (hostname, whitelist, is_enterprise) -> - return true if is_enterprise and (not whitelist or whitelist is '*') - whitelisted_hosts = if is_enterprise then whitelist.split(",") else ['http://guides.neo4j.com', 'https://guides.neo4j.com', 'http://localhost', 'https://localhost'] - hostname in whitelisted_hosts + @hostIsAllowed = (hostname, whitelist) -> + return true if whitelist is '*' + whitelisted_hosts = if whitelist? and whitelist isnt '' then whitelist.split(",") else ['http://guides.neo4j.com', 'https://guides.neo4j.com', 'http://localhost', 'https://localhost'] + hostname in whitelisted_hosts @getBrowserName = -> return 'Opera' if !!window.opera || navigator.userAgent.indexOf(' OPR/') >= 0 diff --git a/test/spec/other/utils.coffee b/test/spec/other/utils.coffee index 288db616c77..bbfd427710b 100644 --- a/test/spec/other/utils.coffee +++ b/test/spec/other/utils.coffee @@ -118,20 +118,16 @@ describe 'Utils', () -> text = 'hello

xxx

' expect(Utils.cleanHTML text).toBe 'hello

xxx

' - it 'should respect whitelist for enterprise edition', -> + it 'should respect whitelist from server', -> host = 'http://first.com' whitelist = 'http://second.com,http://third.com' - expect(Utils.hostIsAllowed host, '*', yes).toBe yes - expect(Utils.hostIsAllowed host, host, yes).toBe yes - expect(Utils.hostIsAllowed host, whitelist, yes).toBe no - - it 'should ignore whitelist for non enterprise editions', -> - host = 'http://first.com' - whitelist = 'http://second.com,http://third.com' - expect(Utils.hostIsAllowed host, '*', no).toBe no - expect(Utils.hostIsAllowed host, host, no).toBe no - expect(Utils.hostIsAllowed host, whitelist, no).toBe no - expect(Utils.hostIsAllowed 'http://guides.neo4j.com', whitelist, no).toBe yes + expect(Utils.hostIsAllowed host, '*').toBe yes + expect(Utils.hostIsAllowed host, null).toBe no + expect(Utils.hostIsAllowed host, '').toBe no + expect(Utils.hostIsAllowed host, host).toBe yes + expect(Utils.hostIsAllowed host, whitelist).toBe no + expect(Utils.hostIsAllowed 'http://guides.neo4j.com', null).toBe yes + expect(Utils.hostIsAllowed 'http://guides.neo4j.com', '').toBe yes it 'should merge two arrays with documents without duplicates', -> arr1 = [getDocument('MATCH (n) RETURN n'), getDocument('//My script\nRETURN "me"')]