|
|
|
@ -90,7 +90,7 @@ def test_file_slashslash_access(client, live_server, measure_memory_usage):
|
|
|
|
def test_file_slash_access(client, live_server, measure_memory_usage):
|
|
|
|
def test_file_slash_access(client, live_server, measure_memory_usage):
|
|
|
|
#live_server_setup(live_server)
|
|
|
|
#live_server_setup(live_server)
|
|
|
|
|
|
|
|
|
|
|
|
test_file_path = "/tmp/test-file.txt"
|
|
|
|
test_file_path = os.path.abspath(__file__)
|
|
|
|
|
|
|
|
|
|
|
|
# file:// is permitted by default, but it will be caught by ALLOW_FILE_URI
|
|
|
|
# file:// is permitted by default, but it will be caught by ALLOW_FILE_URI
|
|
|
|
client.post(
|
|
|
|
client.post(
|
|
|
|
@ -103,12 +103,9 @@ def test_file_slash_access(client, live_server, measure_memory_usage):
|
|
|
|
|
|
|
|
|
|
|
|
# If it is enabled at test time
|
|
|
|
# If it is enabled at test time
|
|
|
|
if strtobool(os.getenv('ALLOW_FILE_URI', 'false')):
|
|
|
|
if strtobool(os.getenv('ALLOW_FILE_URI', 'false')):
|
|
|
|
res = client.get(
|
|
|
|
# So it should permit it, but it should fall back to the 'requests' library giving an error
|
|
|
|
url_for("preview_page", uuid="first"),
|
|
|
|
# (but means it gets passed to playwright etc)
|
|
|
|
follow_redirects=True
|
|
|
|
assert b"URLs with hostname components are not permitted" in res.data
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert b"test_file_slash_access" in res.data
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
# Default should be here
|
|
|
|
# Default should be here
|
|
|
|
assert b'file:// type access is denied for security reasons.' in res.data
|
|
|
|
assert b'file:// type access is denied for security reasons.' in res.data
|
|
|
|
|
dgtlmoon
2 months ago