summaryrefslogtreecommitdiff
path: root/share/www
diff options
context:
space:
mode:
authorJohn Christopher Anderson <jchris@apache.org>2010-05-05 19:51:32 +0000
committerJohn Christopher Anderson <jchris@apache.org>2010-05-05 19:51:32 +0000
commit8aca45b45b116abaa9594fc7f065128b858613d2 (patch)
treebc0ffce8882c0ee8ea335906240f33702661ddab /share/www
parentd7d047f439880735377a4b8ea2ce2ef42921fff8 (diff)
rewriter security to allow isolation of databases via subdomains
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@941451 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share/www')
-rw-r--r--share/www/script/test/rewrite.js30
1 files changed, 20 insertions, 10 deletions
diff --git a/share/www/script/test/rewrite.js b/share/www/script/test/rewrite.js
index 848427be..d3888d9a 100644
--- a/share/www/script/test/rewrite.js
+++ b/share/www/script/test/rewrite.js
@@ -137,14 +137,7 @@ couchTests.rewrite = function(debug) {
"query": {
"key": [":a", ":b"]
}
- },
-
- {
- "from": "uuids",
- "to": "../../../_uuids"
}
-
-
],
lists: {
simpleForm: stringFun(function(head, req) {
@@ -339,12 +332,29 @@ couchTests.rewrite = function(debug) {
T(/Value: doc 4/.test(xhr.responseText));
// test path relative to server
+ designDoc.rewrites.push({
+ "from": "uuids",
+ "to": "../../../_uuids"
+ });
+ T(db.save(designDoc).ok);
var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids");
- T(xhr.status == 200);
+ T(xhr.status == 500);
var result = JSON.parse(xhr.responseText);
- T(result.uuids.length == 1);
- var first = result.uuids[0];
+ T(result.error == "insecure_rewrite_rule");
+
+ run_on_modified_server(
+ [{section: "httpd",
+ key: "secure_rewrites",
+ value: "false"}],
+ function() {
+ var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids?cache=bust");
+ T(xhr.status == 200);
+ var result = JSON.parse(xhr.responseText);
+ T(result.uuids.length == 1);
+ var first = result.uuids[0];
+ });
+
});
} \ No newline at end of file