Fixing access to assets #3053

dgtlmoon
2025-03-25 09:52:01 +01:00
parent 2a91c1f8d1
commit db7f7f0768
2 changed files with 10 additions and 2 deletions


@@ -228,7 +228,7 @@ def changedetection_app(config=None, datastore_o=None):
if has_password_enabled and not flask_login.current_user.is_authenticated:
# Permitted
if request.endpoint and 'static_content' in request.endpoint and request.view_args and request.view_args.get('group') == 'styles':
if request.endpoint and request.endpoint == 'static_content' and request.view_args and request.view_args.get('group') in ['styles', 'js', 'images', 'favicons']:
return None
# Permitted
elif request.endpoint and 'login' in request.endpoint:
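Review bot: The new condition makes four `static_content` groups reachable without a login, but the allowlist is an inline list with no statement of why those groups are safe to expose, so a later addition to it silently widens the pre-auth surface. I would name it and document it, e.g. `PUBLIC_STATIC_GROUPS = ('styles', 'js', 'images', 'favicons')  # assets the login page needs; every other group stays behind authentication`, and test `request.view_args.get('group') in PUBLIC_STATIC_GROUPS`. The `static_content` handler is outside this hunk, so confirm it confines `filename` to the selected group's directory, since that path is now served to anonymous clients. The `elif` below still uses the substring test `'login' in request.endpoint`, the same loose match this commit replaces with `==` one line above, and presumably deserves the same tightening. The enclosing function starts and ends outside the hunk.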


@@ -1,4 +1,4 @@
from .util import live_server_setup
from .util import live_server_setup, wait_for_all_checks
from flask import url_for
import time
@@ -52,6 +52,14 @@ def test_check_access_control(app, client, live_server):
res = c.get(url_for("ui.ui_views.diff_history_page", uuid="first"))
assert b'Random content' in res.data
# access to assets should work (check_authentication)
res = c.get(url_for('static_content', group='js', filename='jquery-3.6.0.min.js'))
assert res.status_code == 200
res = c.get(url_for('static_content', group='styles', filename='styles.css'))
assert res.status_code == 200
res = c.get(url_for('static_content', group='styles', filename='404-testetest.css'))
assert res.status_code == 404
# Check wrong password does not let us in
res = c.post(
url_for("login"),
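Review bot: The added assertions only prove that allowed assets load; nothing here checks that a group outside the allowlist is still refused, which is the half of the rule that protects data. Assuming the client is still logged out at this point (the wrong-password check that follows suggests so), add a negative case such as `res = c.get(url_for('static_content', group='<group-not-in-allowlist>', filename='<any-file>'))` followed by `assert res.status_code != 200`, with the placeholders replaced by a real protected group. The `images` and `favicons` groups that the commit also opens are not exercised either. `wait_for_all_checks` is imported in the first hunk of this file but is not used in the visible lines; drop it if nothing else in the file needs it. `test_check_access_control` starts before and continues past this hunk.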