This is an automated email from the ASF dual-hosted git repository. jan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/couchdb.git
The following commit(s) were added to refs/heads/master by this push: new 3bd033b Prevent access to Fauxton on node-local port (5986) 3bd033b is described below commit 3bd033b77ad358a223b01cd8f03fe92caed593dc Author: Joan Touzet <jo...@atypical.net> AuthorDate: Fri Mar 2 19:12:56 2018 -0500 Prevent access to Fauxton on node-local port (5986) Will help stop people shooting themselves in the foot and/or using node-local CouchDB as their "main" CouchDB port. Closes #1198 --- .../test/chttpd_csp_tests.erl} | 11 +++++----- src/couch/src/couch_httpd_misc_handlers.erl | 25 ++-------------------- src/couch/test/couchdb_vhosts_tests.erl | 25 ---------------------- 3 files changed, 7 insertions(+), 54 deletions(-) diff --git a/src/couch/test/couchdb_csp_tests.erl b/src/chttpd/test/chttpd_csp_tests.erl similarity index 90% rename from src/couch/test/couchdb_csp_tests.erl rename to src/chttpd/test/chttpd_csp_tests.erl index 5eb33f9..e864362 100644 --- a/src/couch/test/couchdb_csp_tests.erl +++ b/src/chttpd/test/chttpd_csp_tests.erl @@ -10,29 +10,28 @@ % License for the specific language governing permissions and limitations under % the License. --module(couchdb_csp_tests). +-module(chttpd_csp_tests). -include_lib("couch/include/couch_eunit.hrl"). --define(TIMEOUT, 1000). - setup() -> ok = config:set("csp", "enable", "true", false), - Addr = config:get("httpd", "bind_address", "127.0.0.1"), - Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)), + Addr = config:get("chttpd", "bind_address", "127.0.0.1"), + Port = mochiweb_socket_server:get(chttpd, port), lists:concat(["http://", Addr, ":", Port, "/_utils/"]). teardown(_) -> ok. + csp_test_() -> { "Content Security Policy tests", { setup, - fun test_util:start_couch/0, fun test_util:stop_couch/1, + fun chttpd_test_util:start_couch/0, fun chttpd_test_util:stop_couch/1, { foreach, fun setup/0, fun teardown/1, diff --git a/src/couch/src/couch_httpd_misc_handlers.erl b/src/couch/src/couch_httpd_misc_handlers.erl index ddc3d64..e2fc9f2 100644 --- a/src/couch/src/couch_httpd_misc_handlers.erl +++ b/src/couch/src/couch_httpd_misc_handlers.erl @@ -61,30 +61,9 @@ handle_file_req(#httpd{method='GET'}=Req, Document) -> handle_file_req(Req, _) -> send_method_not_allowed(Req, "GET,HEAD"). -handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) -> - "/" ++ UrlPath = couch_httpd:path(Req), - case couch_httpd:partition(UrlPath) of - {_ActionKey, "/", RelativePath} -> - % GET /_utils/path or GET /_utils/ - CachingHeaders = [{"Cache-Control", "private, must-revalidate"}], - EnableCsp = config:get("csp", "enable", "false"), - Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp), - couch_httpd:serve_file(Req, RelativePath, DocumentRoot, Headers); - {_ActionKey, "", _RelativePath} -> - % GET /_utils - RedirectPath = couch_httpd:path(Req) ++ "/", - couch_httpd:send_redirect(Req, RedirectPath) - end; handle_utils_dir_req(Req, _) -> - send_method_not_allowed(Req, "GET,HEAD"). - -maybe_add_csp_headers(Headers, "true") -> - DefaultValues = "default-src 'self'; img-src 'self' data:; font-src 'self'; " - "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';", - Value = config:get("csp", "header_value", DefaultValues), - [{"Content-Security-Policy", Value} | Headers]; -maybe_add_csp_headers(Headers, _) -> - Headers. + send_error(Req, 410, <<"no_node_local_fauxton">>, + ?l2b("The web interface is no longer available on the node-local port.")). handle_all_dbs_req(#httpd{method='GET'}=Req) -> diff --git a/src/couch/test/couchdb_vhosts_tests.erl b/src/couch/test/couchdb_vhosts_tests.erl index dfac73c..2562a06 100644 --- a/src/couch/test/couchdb_vhosts_tests.erl +++ b/src/couch/test/couchdb_vhosts_tests.erl @@ -46,14 +46,6 @@ setup() -> couch_db:ensure_full_commit(Db), couch_db:close(Db), - test_util:with_process_restart(couch_httpd, fun() -> - config:set("httpd_global_handlers", "_utils", - "{couch_httpd_misc_handlers, handle_utils_dir_req, <<\"" - ++ ?TEMPDIR - ++ "\">>}" - ) - end), - Addr = config:get("httpd", "bind_address", "127.0.0.1"), Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)), Url = "http://" ++ Addr ++ ":" ++ Port, @@ -76,7 +68,6 @@ vhosts_test_() -> [ fun should_return_database_info/1, fun should_return_revs_info/1, - fun should_serve_utils_for_vhost/1, fun should_return_virtual_request_path_field_in_request/1, fun should_return_real_request_path_field_in_request/1, fun should_match_wildcard_vhost/1, @@ -122,22 +113,6 @@ should_return_revs_info({Url, DbName}) -> end end). -should_serve_utils_for_vhost({Url, DbName}) -> - ?_test(begin - ok = config:set("vhosts", "example.com", "/" ++ DbName, false), - ensure_index_file(), - case test_request:get(Url ++ "/_utils/index.html", [], - [{host_header, "example.com"}]) of - {ok, _, _, Body} -> - ?assertMatch(<<"<!DOCTYPE html>", _/binary>>, Body); - Else -> - erlang:error({assertion_failed, - [{module, ?MODULE}, - {line, ?LINE}, - {reason, ?iofmt("Request failed: ~p", [Else])}]}) - end - end). - should_return_virtual_request_path_field_in_request({Url, DbName}) -> ?_test(begin ok = config:set("vhosts", "example1.com", -- To stop receiving notification emails like this one, please contact j...@apache.org.