From 0049b74a2d9218aa5bbb4b8823ced6103e3ad0e9 Mon Sep 17 00:00:00 2001 From: Hannah Wolfe Date: Tue, 31 Oct 2023 11:57:15 +0000 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Added=20well-known=20assetlinks.jso?= =?UTF-8?q?n=20to=20allowed=20files?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit refs: https://github.com/google/digitalassetlinks/blob/master/well-known/specification.md refs: https://github.com/google/digitalassetlinks/blob/master/well-known/details.md - allow themes to include assetlinks.json files to comply with the Google digital asset links spec --- .../frontend/web/middleware/static-theme.js | 2 +- .../web/middleware/static-theme.test.js | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/ghost/core/core/frontend/web/middleware/static-theme.js b/ghost/core/core/frontend/web/middleware/static-theme.js index e2a6d393fa..e3d5af00e7 100644 --- a/ghost/core/core/frontend/web/middleware/static-theme.js +++ b/ghost/core/core/frontend/web/middleware/static-theme.js @@ -45,7 +45,7 @@ function isAllowedFile(file) { const normalizedFilePath = path.normalize(decodedFilePath); - const allowedFiles = ['manifest.json']; + const allowedFiles = ['manifest.json', 'assetlinks.json']; const allowedPath = '/assets/'; const alwaysDeny = ['.hbs']; diff --git a/ghost/core/test/unit/frontend/web/middleware/static-theme.test.js b/ghost/core/test/unit/frontend/web/middleware/static-theme.test.js index 7fabf13b1e..fda60859b4 100644 --- a/ghost/core/test/unit/frontend/web/middleware/static-theme.test.js +++ b/ghost/core/test/unit/frontend/web/middleware/static-theme.test.js @@ -157,6 +157,23 @@ describe('staticTheme', function () { }); }); + it('should NOT skip if file is allowed even if nested', function (done) { + req.path = '/.well-known/assetlinks.json'; + + staticTheme()(req, res, function next() { + // Specifically gets called twice + activeThemeStub.calledTwice.should.be.true(); + expressStaticStub.called.should.be.true(); + + // Check that express static gets called with the theme path + maxAge + should.exist(expressStaticStub.firstCall.args); + expressStaticStub.firstCall.args[0].should.eql('my/fake/path'); + expressStaticStub.firstCall.args[1].should.be.an.Object().with.property('maxAge'); + + done(); + }); + }); + it('should NOT skip if file is in assets', function (done) { req.path = '/assets/whatever.json';