cartodb/CartoDB-SQL-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not execute queries on OPTIONS. Closes #94

Browse Source
This commit is contained in:
Sandro Santilli 2013-05-24 14:21:13 +02:00
parent 985631092b
commit 3f98cab09a
3 changed files with 33 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS.md
View File

@ -5,6 +5,7 @@
* Update underscore dependency * Update underscore dependency
* Add munin plugin * Add munin plugin
* Make PostgreSQL client pooling settings configurable (#47) * Make PostgreSQL client pooling settings configurable (#47)
* Do not execute queries on OPTIONS (#94)
1.3.9 1.3.9
----- -----

1
app/controllers/app.js
View File

@ -52,6 +52,7 @@ app.use(express.bodyParser());
app.enable('jsonp callback'); app.enable('jsonp callback');
// basic routing // basic routing
app.options('*', function(req,res) { setCrossDomain(res); res.end(); });
app.all(global.settings.base_url+'/sql', function(req, res) { handleQuery(req, res) } ); app.all(global.settings.base_url+'/sql', function(req, res) { handleQuery(req, res) } );
app.all(global.settings.base_url+'/sql.:f', function(req, res) { handleQuery(req, res) } ); app.all(global.settings.base_url+'/sql.:f', function(req, res) { handleQuery(req, res) } );
app.get(global.settings.base_url+'/cachestatus', function(req, res) { handleCacheStatus(req, res) } ); app.get(global.settings.base_url+'/cachestatus', function(req, res) { handleCacheStatus(req, res) } );

48
test/acceptance/app.test.js
View File

@ -69,6 +69,37 @@ test('GET /api/whatever/sql', function(done){
}); });
}); });
// Test CORS headers with GET
test('GET /api/whatever/sql', function(done){
assert.response(app, {
url: '/api/whatever/sql?q=SELECT%201',
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{
}, function(res) {
assert.equal(res.statusCode, 200, res.body);
assert.equal(res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token');
assert.equal(res.headers['access-control-allow-origin'], '*');
done();
});
});
// Test that OPTIONS does not run queries
test('OPTIONS /api/x/sql', function(done){
assert.response(app, {
url: '/api/x/sql?q=syntax%20error',
headers: {host: 'vizzuality.cartodb.com'},
method: 'OPTIONS'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.body);
assert.equal(res.body, '');
assert.equal(res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token');
assert.equal(res.headers['access-control-allow-origin'], '*');
done();
});
});
test('GET /api/v1/sql with SQL parameter on SELECT only. No oAuth included ', function(done){ test('GET /api/v1/sql with SQL parameter on SELECT only. No oAuth included ', function(done){
assert.response(app, { assert.response(app, {
@ -988,21 +1019,4 @@ test('GET /api/v1/sql with SQL parameter on SELECT only should return CORS heade
}); });
}); });
test('OPTIONS /api/v1/sql with SQL parameter on SELECT only should return CORS headers ', function(done){
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_test_user_1_db',
method: 'OPTIONS'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:untitle_table_4');
assert.equal(res.headers['cache-control'], expected_cache_control);
assert.equal(res.headers['access-control-allow-origin'], '*');
assert.equal(res.headers['access-control-allow-headers'], "X-Requested-With, X-Prototype-Version, X-CSRF-Token");
done();
});
});
}); });