Fixed v0.1 oembed API tests

refs 5efef45dd0 - v0.1 oembed endpoint supported schemaless URLs according to the tests so support was added to the endpoint - updated the tests to use a valid oembed response - updated the tests to expect a validation error rather than an internal server error when the remote endpoint is not available
2025-03-11 02:12:21 -05:00 · 2020-04-07 14:43:53 +01:00 · 2020-04-07 14:43:53 +01:00 · 6ddce262be
commit 6ddce262be
parent 5efef45dd0
2 changed files with 11 additions and 3 deletions
--- a/core/server/api/v0.1/oembed.js
+++ b/core/server/api/v0.1/oembed.js
@ -64,6 +64,11 @@ function isIpOrLocalhost(url) {
 }

 function fetchOembedData(_url) {
+    // always treat protocol-relative URLs as https
+    if (_url.startsWith('//')) {
+        _url = `https:${_url}`;
+    }
+
    // parse the url then validate the protocol and host to make sure it's
    // http(s) and not an IP address or localhost to avoid potential access to
    // internal network endpoints
--- a/core/test/unit/api/v0.1/oembed_spec.js
+++ b/core/test/unit/api/v0.1/oembed_spec.js
@ -109,9 +109,12 @@ describe('API: oembed', function () {

            const requestMock = nock('https://host.tld')
                .intercept('/oembed', 'GET')
-                .query(true)
                .reply(200, {
-                    html: 'test'
+                    version: '1.0',
+                    type: 'rich',
+                    html: 'test',
+                    width: 200,
+                    height: 200
                });

            OembedAPI.read({url: 'https://host.tld/page'})
@ -134,7 +137,7 @@ describe('API: oembed', function () {
                .then(() => {
                    done(new Error('Fetch oembed with external failure should error'));
                }).catch((err) => {
-                    (err instanceof common.errors.InternalServerError).should.eql(true);
+                    (err instanceof common.errors.ValidationError).should.eql(true);
                    done();
                });
        });