mirror of
https://github.com/gohugoio/hugo.git
synced 2024-11-21 20:46:30 -05:00
parent
7c7baa6183
commit
2637b4ef4d
5 changed files with 41 additions and 7 deletions
|
@ -88,6 +88,9 @@ type HTTP struct {
|
||||||
|
|
||||||
// HTTP methods to allow.
|
// HTTP methods to allow.
|
||||||
Methods Whitelist `json:"methods"`
|
Methods Whitelist `json:"methods"`
|
||||||
|
|
||||||
|
// Media types where the Content-Type in the response is used instead of resolving from the file content.
|
||||||
|
MediaTypes Whitelist `json:"mediaTypes"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ToTOML converts c to TOML with [security] as the root.
|
// ToTOML converts c to TOML with [security] as the root.
|
||||||
|
|
|
@ -163,8 +163,10 @@ func TestDecodeConfigDefault(t *testing.T) {
|
||||||
c.Assert(pc.HTTP.Methods.Accept("GET"), qt.IsTrue)
|
c.Assert(pc.HTTP.Methods.Accept("GET"), qt.IsTrue)
|
||||||
c.Assert(pc.HTTP.Methods.Accept("get"), qt.IsTrue)
|
c.Assert(pc.HTTP.Methods.Accept("get"), qt.IsTrue)
|
||||||
c.Assert(pc.HTTP.Methods.Accept("DELETE"), qt.IsFalse)
|
c.Assert(pc.HTTP.Methods.Accept("DELETE"), qt.IsFalse)
|
||||||
|
c.Assert(pc.HTTP.MediaTypes.Accept("application/msword"), qt.IsFalse)
|
||||||
|
|
||||||
c.Assert(pc.Exec.OsEnv.Accept("PATH"), qt.IsTrue)
|
c.Assert(pc.Exec.OsEnv.Accept("PATH"), qt.IsTrue)
|
||||||
c.Assert(pc.Exec.OsEnv.Accept("GOROOT"), qt.IsTrue)
|
c.Assert(pc.Exec.OsEnv.Accept("GOROOT"), qt.IsTrue)
|
||||||
c.Assert(pc.Exec.OsEnv.Accept("MYSECRET"), qt.IsFalse)
|
c.Assert(pc.Exec.OsEnv.Accept("MYSECRET"), qt.IsFalse)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -138,9 +138,9 @@ func TestSecurityPolicies(t *testing.T) {
|
||||||
}
|
}
|
||||||
cb := func(b *sitesBuilder) {
|
cb := func(b *sitesBuilder) {
|
||||||
b.WithConfigFile("toml", `
|
b.WithConfigFile("toml", `
|
||||||
[security]
|
[security]
|
||||||
[security.exec]
|
[security.exec]
|
||||||
allow="none"
|
allow="none"
|
||||||
|
|
||||||
`)
|
`)
|
||||||
b.WithTemplatesAdded("index.html", `{{ $scss := "body { color: #333; }" | resources.FromString "foo.scss" | resources.ToCSS (dict "transpiler" "dartsass") }}`)
|
b.WithTemplatesAdded("index.html", `{{ $scss := "body { color: #333; }" | resources.FromString "foo.scss" | resources.ToCSS (dict "transpiler" "dartsass") }}`)
|
||||||
|
@ -166,6 +166,28 @@ func TestSecurityPolicies(t *testing.T) {
|
||||||
[security]
|
[security]
|
||||||
[security.http]
|
[security.http]
|
||||||
urls="none"
|
urls="none"
|
||||||
|
`)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
c.Run("resources.GetRemote, fake JSON", func(c *qt.C) {
|
||||||
|
c.Parallel()
|
||||||
|
httpTestVariant(c, `{{ $json := resources.GetRemote "%[1]s/fakejson.json" }}{{ $json.Content }}`, `(?s).*failed to resolve media type.*`,
|
||||||
|
func(b *sitesBuilder) {
|
||||||
|
b.WithConfigFile("toml", `
|
||||||
|
`)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
c.Run("resources.GetRemote, fake JSON whitelisted", func(c *qt.C) {
|
||||||
|
c.Parallel()
|
||||||
|
httpTestVariant(c, `{{ $json := resources.GetRemote "%[1]s/fakejson.json" }}{{ $json.Content }}`, ``,
|
||||||
|
func(b *sitesBuilder) {
|
||||||
|
b.WithConfigFile("toml", `
|
||||||
|
[security]
|
||||||
|
[security.http]
|
||||||
|
mediaTypes=["application/json"]
|
||||||
|
|
||||||
`)
|
`)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
BIN
hugolib/testdata/fakejson.json
vendored
Normal file
BIN
hugolib/testdata/fakejson.json
vendored
Normal file
Binary file not shown.
After Width: | Height: | Size: 42 B |
|
@ -171,10 +171,17 @@ func (c *Client) FromRemote(uri string, optionsm map[string]any) (resource.Resou
|
||||||
|
|
||||||
contentType := res.Header.Get("Content-Type")
|
contentType := res.Header.Get("Content-Type")
|
||||||
|
|
||||||
if isHeadMethod {
|
// For HEAD requests we have no body to work with, so we need to use the Content-Type header.
|
||||||
// We have no body to work with, so we need to use the Content-Type header.
|
if isHeadMethod || c.rs.ExecHelper.Sec().HTTP.MediaTypes.Accept(contentType) {
|
||||||
|
var found bool
|
||||||
|
mediaType, found = c.rs.MediaTypes().GetByType(contentType)
|
||||||
|
if !found {
|
||||||
|
// A media type not configured in Hugo, just create one from the content type string.
|
||||||
mediaType, _ = media.FromString(contentType)
|
mediaType, _ = media.FromString(contentType)
|
||||||
} else {
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if mediaType.IsZero() {
|
||||||
|
|
||||||
var extensionHints []string
|
var extensionHints []string
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue