Commit graph

9 commits

Author SHA1 Message Date
c951f8e06a
Bug 24369: Add CORS support to output_with_http_headers()
This patch adds CORS support to output_with_headers(). It will use the
AccessControlAllowOrigin syspref to pick the value and set the Access-Control-Allow-Origin header.

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/Output.t
SUCCESS: Tests pass!
3. Sign off :-D

Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-05 12:59:44 +00:00
d3503e8119 Bug 20422: Add unit test to Output.t for parametrized_url
This test will reveal that we need to resolve a warning too.

Test plan:
[1] Run t/Output.t without the second patch.
[2] The test will fail on the warning raised by an undefined value.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-26 17:31:13 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
Galen Charlton
7b165794cd Bug 10016: force zero browser-side caching of SCO pages
This patch makes the web-based self-check module pages
specify that no browser (or proxy caching) occur at all.
This prevents a security issue where letting the SCO session time out,
then hitting the back button allowed one to view the previous
patron's session.

This patch adds an optional fifth parameter to output_with_http_headers(),
and output_html_with_http_headers(), a hashref for miscellaneous
options.  One key is defined at the moment: force_no_caching, which if
if present and set to a true value, sets HTTP headers to specify no
browser caching of the page at all.

To test:

[1] Start a web-based self-check session and optionally perform
    some transactions.
[2] Allow the session to time out (it may be helpful to set
    SelfCheckTimeout to a low value such as 10 seconds).
[3] Hit the back button.  You should not see the previous patron's
    self-check session.
[4] Verify that prove -v t/Output.t passes.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Ed Veal <ed.veal@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-21 18:05:12 +00:00
Galen Charlton
1943e17d60 C4::Output tests -- removed inccorect tests
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-08 14:07:23 -06:00
Joe Atzberger
a1fe32d2f8 Total Test Overhaul! Most of these were stubs, and still are.
Input.t was replaced because it tested a now obsolete function.
Input.pm has that function commented out.
Several files were renamed to match their counterparts or
correct misspellingz.

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-18 16:26:44 -05:00
Joe Atzberger
92dbfc6c9f Renamed file to match module. Trivial change.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-18 16:26:25 -05:00
rangi
979f09cdd6 Missed test 2007-06-18 07:28:58 +00:00
rangi
77618f43cf Finishing up the last of the tests 2007-06-18 03:20:19 +00:00