From 8aca45b45b116abaa9594fc7f065128b858613d2 Mon Sep 17 00:00:00 2001 From: John Christopher Anderson Date: Wed, 5 May 2010 19:51:32 +0000 Subject: rewriter security to allow isolation of databases via subdomains git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@941451 13f79535-47bb-0310-9956-ffa450edef68 --- share/www/script/test/rewrite.js | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'share/www/script/test') diff --git a/share/www/script/test/rewrite.js b/share/www/script/test/rewrite.js index 848427be..d3888d9a 100644 --- a/share/www/script/test/rewrite.js +++ b/share/www/script/test/rewrite.js @@ -137,14 +137,7 @@ couchTests.rewrite = function(debug) { "query": { "key": [":a", ":b"] } - }, - - { - "from": "uuids", - "to": "../../../_uuids" } - - ], lists: { simpleForm: stringFun(function(head, req) { @@ -339,12 +332,29 @@ couchTests.rewrite = function(debug) { T(/Value: doc 4/.test(xhr.responseText)); // test path relative to server + designDoc.rewrites.push({ + "from": "uuids", + "to": "../../../_uuids" + }); + T(db.save(designDoc).ok); var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids"); - T(xhr.status == 200); + T(xhr.status == 500); var result = JSON.parse(xhr.responseText); - T(result.uuids.length == 1); - var first = result.uuids[0]; + T(result.error == "insecure_rewrite_rule"); + + run_on_modified_server( + [{section: "httpd", + key: "secure_rewrites", + value: "false"}], + function() { + var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids?cache=bust"); + T(xhr.status == 200); + var result = JSON.parse(xhr.responseText); + T(result.uuids.length == 1); + var first = result.uuids[0]; + }); + }); } \ No newline at end of file -- cgit v1.2.3