Make JSONP support optional and disabled by default (#12992)....
Jean-Philippe Lang -
r11042:9f127793be20
@@ -19,6 +19,8
19 <p><%= setting_check_box :openid, :disabled => !Object.const_defined?(:OpenID) %></p>
19 <p><%= setting_check_box :openid, :disabled => !Object.const_defined?(:OpenID) %></p>
20
20
21 <p><%= setting_check_box :rest_api_enabled %></p>
21 <p><%= setting_check_box :rest_api_enabled %></p>
22
23 <p><%= setting_check_box :jsonp_enabled %></p>
22 </div>
24 </div>
23
25
24 <fieldset class="box">
26 <fieldset class="box">
@@ -397,6 +397,7 en:
397 setting_thumbnails_enabled: Display attachment thumbnails
397 setting_thumbnails_enabled: Display attachment thumbnails
398 setting_thumbnails_size: Thumbnails size (in pixels)
398 setting_thumbnails_size: Thumbnails size (in pixels)
399 setting_non_working_week_days: Non-working days
399 setting_non_working_week_days: Non-working days
400 setting_jsonp_enabled: Enable JSONP support
400
401
401 permission_add_project: Create project
402 permission_add_project: Create project
402 permission_add_subprojects: Create subprojects
403 permission_add_subprojects: Create subprojects
@@ -394,6 +394,7 fr:
394 setting_thumbnails_enabled: Afficher les vignettes des images
394 setting_thumbnails_enabled: Afficher les vignettes des images
395 setting_thumbnails_size: Taille des vignettes (en pixels)
395 setting_thumbnails_size: Taille des vignettes (en pixels)
396 setting_non_working_week_days: Jours non travaillΓ©s
396 setting_non_working_week_days: Jours non travaillΓ©s
397 setting_jsonp_enabled: Activer le support JSONP
397
398
398 permission_add_project: CrΓ©er un projet
399 permission_add_project: CrΓ©er un projet
399 permission_add_subprojects: CrΓ©er des sous-projets
400 permission_add_subprojects: CrΓ©er des sous-projets
@@ -211,6 +211,8 start_of_week:
211 default: ''
211 default: ''
212 rest_api_enabled:
212 rest_api_enabled:
213 default: 0
213 default: 0
214 jsonp_enabled:
215 default: 0
214 default_notification_option:
216 default_notification_option:
215 default: 'only_my_events'
217 default: 'only_my_events'
216 emails_header:
218 emails_header:
@@ -25,7 +25,10 module Redmine
25
25
26 def initialize(request, response)
26 def initialize(request, response)
27 super
27 super
28 self.jsonp = (request.params[:callback] || request.params[:jsonp]).to_s.gsub(/[^a-zA-Z0-9_]/, '')
28 callback = request.params[:callback] || request.params[:jsonp]
29 if callback && Setting.jsonp_enabled?
30 self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_]/, '')
31 end
29 end
32 end
30
33
31 def output
34 def output
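Review bot: The new guard in initialize (lines 28-31) carries no comment on why JSONP is opt-in or what the character class protects against, and both are decisions a later maintainer could loosen without noticing the consequence; I'd add above `def initialize`: `# JSONP is opt-in: with a session cookie, a <script> tag on any origin can read the wrapped response, so only enable it for data that is already public. The callback is reduced to [a-zA-Z0-9_] so it can never carry script into the wrapper; other characters are dropped rather than rejected (see JsonpTest).` Note that `callback &&` does not exclude an empty `callback=` parameter ('' is truthy in Ruby), so `self.jsonp` is set to '' in that case; the test at test line 63 expects plain JSON then, which relies on `output` treating a blank jsonp as absent — `output` starts at line 34, outside this hunk, so I can't confirm that here. Evaluating `Setting.jsonp_enabled?` only after a callback is present skips the setting lookup for ordinary JSON requests, which is fine but worth a word in the same comment.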
@@ -20,8 +20,20 require File.expand_path('../../../test_helper', __FILE__)
20 class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base
20 class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base
21 fixtures :trackers
21 fixtures :trackers
22
22
23 def test_should_ignore_jsonp_callback_with_jsonp_disabled
24 with_settings :jsonp_enabled => '0' do
25 get '/trackers.json?jsonp=handler'
26 end
27
28 assert_response :success
29 assert_match %r{^\{"trackers":.+\}$}, response.body
30 assert_equal 'application/json; charset=utf-8', response.headers['Content-Type']
31 end
32
23 def test_jsonp_should_accept_callback_param
33 def test_jsonp_should_accept_callback_param
24 get '/trackers.json?callback=handler'
34 with_settings :jsonp_enabled => '1' do
35 get '/trackers.json?callback=handler'
36 end
25
37
26 assert_response :success
38 assert_response :success
27 assert_match %r{^handler\(\{"trackers":.+\}\)$}, response.body
39 assert_match %r{^handler\(\{"trackers":.+\}\)$}, response.body
@@ -29,7 +41,9 class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base
29 end
41 end
30
42
31 def test_jsonp_should_accept_jsonp_param
43 def test_jsonp_should_accept_jsonp_param
32 get '/trackers.json?jsonp=handler'
44 with_settings :jsonp_enabled => '1' do
45 get '/trackers.json?jsonp=handler'
46 end
33
47
34 assert_response :success
48 assert_response :success
35 assert_match %r{^handler\(\{"trackers":.+\}\)$}, response.body
49 assert_match %r{^handler\(\{"trackers":.+\}\)$}, response.body
@@ -37,7 +51,9 class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base
37 end
51 end
38
52
39 def test_jsonp_should_strip_invalid_characters_from_callback
53 def test_jsonp_should_strip_invalid_characters_from_callback
40 get '/trackers.json?callback=+-aA$1_'
54 with_settings :jsonp_enabled => '1' do
55 get '/trackers.json?callback=+-aA$1_'
56 end
41
57
42 assert_response :success
58 assert_response :success
43 assert_match %r{^aA1_\(\{"trackers":.+\}\)$}, response.body
59 assert_match %r{^aA1_\(\{"trackers":.+\}\)$}, response.body
@@ -45,7 +61,9 class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base
45 end
61 end
46
62
47 def test_jsonp_without_callback_should_return_json
63 def test_jsonp_without_callback_should_return_json
48 get '/trackers.json?callback='
64 with_settings :jsonp_enabled => '1' do
65 get '/trackers.json?callback='
66 end
49
67
50 assert_response :success
68 assert_response :success
51 assert_match %r{^\{"trackers":.+\}$}, response.body
69 assert_match %r{^\{"trackers":.+\}$}, response.body
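Review bot: Only the disabled-path test (line 30) asserts the response Content-Type; none of the enabled-path tests check which media type the `handler(...)` body is served with, so a regression that emits the JavaScript wrapper under `application/json`, or plain JSON under a script type, would still pass. I'd add in test_jsonp_should_accept_callback_param, after line 39, an assertion on `response.headers['Content-Type']` with the value the builder actually emits — the `output` method that decides it is outside this diff, so I can't name the expected string, but for a wrapped body it is presumably a JavaScript media type rather than `application/json`. The same assertion belongs in the jsonp-param and strip tests at lines 43 and 53. A test that sets no `jsonp_enabled` value at all and expects plain JSON would also pin the disabled-by-default promise made by the settings.yml default of 0, assuming the test database carries no override.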