ghost

14070 commits 234 branches 1697 tags 546 MiB

Author	SHA1	Message	Date
Hannah Wolfe	1dec3d56b1	Renamed our acceptance tests to "e2e" - These are end-to-end tests, make it clearer what they are and what they are supposed to do	2021-10-06 12:40:52 +01:00
Kevin Ansfield	6875796417	Blocked 0.* IP addresses when making oembed requests no issue It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0. - added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites - added an additional IP or localhost check in the oembed service when fetching bookmark card data	2021-09-14 11:35:14 +01:00
Hannah Wolfe	f08a55c21f	Renamed tests to .test.js & updated commands refs: https://github.com/TryGhost/Team/issues/856 refs: https://github.com/TryGhost/Team/issues/756 - The .test.js extension is better than _spec.js as it's more obvious that it's an extension - It also meaans we can use the --extension parameter in mocha, which should result in a better default behaviour for `yarn test` - It also highlights that some of our tests were named incorrectly and were not (and still will not be) run (see https://github.com/TryGhost/Team/issues/856) - Note: even with this change, `yarn test` is throwing errors, I believe because of this issue https://github.com/TryGhost/Team/issues/756	2021-07-06 20:45:01 +01:00

Author

SHA1

Message

Date

Hannah Wolfe

1dec3d56b1

Renamed our acceptance tests to "e2e"

- These are end-to-end tests, make it clearer what they are and what they are supposed to do

2021-10-06 12:40:52 +01:00

Kevin Ansfield

6875796417

Blocked 0.* IP addresses when making oembed requests

no issue

It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0.

- added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites
- added an additional IP or localhost check in the oembed service when fetching bookmark card data

2021-09-14 11:35:14 +01:00

Hannah Wolfe

f08a55c21f

Renamed tests to .test.js & updated commands

refs: https://github.com/TryGhost/Team/issues/856
refs: https://github.com/TryGhost/Team/issues/756

- The .test.js extension is better than _spec.js as it's more obvious that it's an extension
- It also meaans we can use the --extension parameter in mocha, which should result in a better default behaviour for `yarn test`
- It also highlights that some of our tests were named incorrectly and were not (and still will not be) run (see https://github.com/TryGhost/Team/issues/856)
- Note: even with this change, `yarn test` is throwing errors, I believe because of this issue https://github.com/TryGhost/Team/issues/756

2021-07-06 20:45:01 +01:00

Renamed from test/api-acceptance/admin/oembed_spec.js (Browse further)

3 commits