Added well-known assetlinks.json to allowed files

refs: https://github.com/google/digitalassetlinks/blob/master/well-known/specification.md
refs: https://github.com/google/digitalassetlinks/blob/master/well-known/details.md

- allow themes to include assetlinks.json files to comply with the Google digital asset links spec
This commit is contained in:
Hannah Wolfe 2023-10-31 11:57:15 +00:00
parent b8069c60e9
commit 0049b74a2d
2 changed files with 18 additions and 1 deletions

View File

@ -45,7 +45,7 @@ function isAllowedFile(file) {
const normalizedFilePath = path.normalize(decodedFilePath); const normalizedFilePath = path.normalize(decodedFilePath);
const allowedFiles = ['manifest.json']; const allowedFiles = ['manifest.json', 'assetlinks.json'];
const allowedPath = '/assets/'; const allowedPath = '/assets/';
const alwaysDeny = ['.hbs']; const alwaysDeny = ['.hbs'];

View File

@ -157,6 +157,23 @@ describe('staticTheme', function () {
}); });
}); });
it('should NOT skip if file is allowed even if nested', function (done) {
req.path = '/.well-known/assetlinks.json';
staticTheme()(req, res, function next() {
// Specifically gets called twice
activeThemeStub.calledTwice.should.be.true();
expressStaticStub.called.should.be.true();
// Check that express static gets called with the theme path + maxAge
should.exist(expressStaticStub.firstCall.args);
expressStaticStub.firstCall.args[0].should.eql('my/fake/path');
expressStaticStub.firstCall.args[1].should.be.an.Object().with.property('maxAge');
done();
});
});
it('should NOT skip if file is in assets', function (done) { it('should NOT skip if file is in assets', function (done) {
req.path = '/assets/whatever.json'; req.path = '/assets/whatever.json';