async-http-client icon indicating copy to clipboard operation
async-http-client copied to clipboard

Published 20 hours ago verified publisher icon swift-server

Add tests for cross-origin headers

Open karwa opened this issue 4 years ago • 3 comments

I noticed that I was able to replace the same-origin check in HTTPHandler with if true and if false and still pass all of the tests.

https://github.com/swift-server/async-http-client/blob/f3521033efcf02027367197986afbbf6808a1ed8/Sources/AsyncHTTPClient/HTTPHandler.swift#L1241

karwa avatar Apr 28 '21 14:04 karwa

ouch, thank you!

weissi avatar Apr 28 '21 14:04 weissi

@karwa super glad you spotted this. Would you be interested in contributing a first few tests?

weissi avatar Apr 28 '21 14:04 weissi

@weissi I'm a bit busy at the moment working on URLs (news on that coming this week!), and I don't really understand all the ins-and-outs of HTTP so I'm not really confident about adding tests for it. I just noticed that it wasn't tested and wanted to make sure it was recorded somewhere.

Also, I'm not sure what the expected behaviour is for http(s)+unix URLs. The URL Standard actually says that they should have opaque origins, because they are not real HTTP URLs, and hence cannot not be same-origin even with themselves. Is anybody depending on that? No idea.

karwa avatar Apr 28 '21 14:04 karwa