Skip to content

Commit

Permalink
Embed API: fix CORS check (#9564)
Browse files Browse the repository at this point in the history
  • Loading branch information
@stsewd
stsewd authored Aug 30, 2022
1 parent d126428 commit eb11a4a
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 1 deletion.
2 changes: 1 addition & 1 deletion readthedocs/core/signals.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ def decide_if_cors(sender, request, **kwargs): # pylint: disable=unused-argumen
return True

project = unresolved.project
version_slug = unresolved.version_slug
version_slug = unresolved.version.slug
else:
project_slug = request.GET.get('project', None)
version_slug = request.GET.get('version', None)
Expand Down
17 changes: 17 additions & 0 deletions readthedocs/rtd_tests/tests/test_middleware.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,23 @@ def test_embed_api_private_version_linked_domain(self):
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)

def test_embed_api_external_url(self):
request = self.factory.get(
"/api/v2/embed/",
{"url": "https://pip.readthedocs.io/en/latest/index.hml"},
HTTP_ORIGIN="http://my.valid.domain",
)
resp = self.middleware.process_response(request, {})
self.assertIn("Access-Control-Allow-Origin", resp)

request = self.factory.get(
"/api/v2/embed/",
{"url": "https://docs.example.com/en/latest/index.hml"},
HTTP_ORIGIN="http://my.valid.domain",
)
resp = self.middleware.process_response(request, {})
self.assertIn("Access-Control-Allow-Origin", resp)

@mock.patch('readthedocs.core.signals._has_donate_app')
def test_sustainability_endpoint_allways_allowed(self, has_donate_app):
has_donate_app.return_value = True
Expand Down

0 comments on commit eb11a4a

Please sign in to comment.