TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-03 08:25:06 +03:00
Code Issues Projects Releases Wiki Activity

🐛 Fixed api url for the ghost sdk (#9013)

Browse Source 
no issue

- mirror LTS behaviour to master
- if your blog or admin url is configured to http, it's still possible that e.g. nginx allows both https/http
- that's why we should generate the api url without protocol in this case
- so it depends how you serve your blog, example:
  - blog url is http://example.com
  - generated api url for the sdk is //example.com (dynamic protocol allowed)
  - you serve your blog via https://example.com, protocol is https
  - you serve your blog via http://example.com, protocol is http
This commit is contained in:
Katharina Irrgang 2017-09-18 17:28:22 +02:00 committed by Hannah Wolfe
parent abb84d065e
commit 4ac34a7f33
3 changed files with 67 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
core/server/utils/url.js
View File

@ -316,10 +316,13 @@ function urlFor(context, data, absolute) {
} else if (context === 'api') {
urlPath = getAdminUrl() || getBlogUrl();
// CASE: with or without protocol?
// CASE: with or without protocol? If your blog url (or admin url) is configured to http, it's still possible that e.g. nginx allows both https+http.
// So it depends how you serve your blog. The main focus here is to avoid cors problems.
// @TODO: rename cors
if (data && data.cors) {
urlPath = urlPath.replace(/^.*?:\/\//g, '//');
if (!urlPath.match(/^https:/)) {
urlPath = urlPath.replace(/^.*?:\/\//g, '//');
}
}
if (absolute) {

31
core/test/unit/ghost_sdk_spec.js
View File

@ -33,6 +33,37 @@ describe('Ghost Ajax Helper', function () {
ghostSdk.url.api().should.equal('//testblog.com/ghost/api/v0.1/');
});
it('blog url is https', function () {
configUtils.set({
url: 'https://testblog.com/'
});
ghostSdk.init({
clientId: '',
clientSecret: '',
url: utils.url.urlFor('api', {cors: true}, true)
});
ghostSdk.url.api().should.equal('https://testblog.com/ghost/api/v0.1/');
});
it('admin url is https', function () {
configUtils.set({
url: 'http://testblog.com/',
admin: {
url: 'https://admin.testblog.com'
}
});
ghostSdk.init({
clientId: '',
clientSecret: '',
url: utils.url.urlFor('api', {cors: true}, true)
});
ghostSdk.url.api().should.equal('https://admin.testblog.com/ghost/api/v0.1/');
});
it('strips arguments of forward and trailing slashes correctly', function () {
ghostSdk.init({
clientId: '',

32
core/test/unit/utils/url_spec.js
View File

@ -450,13 +450,43 @@ describe('Url', function () {
utils.url.urlFor('api', true).should.eql('https://my-ghost-blog.com/ghost/api/v0.1/');
});
it('api: cors should return no protocol', function () {
it('[api url] blog url is http: cors should return no protocol', function () {
configUtils.set({
url: 'http://my-ghost-blog.com'
});
utils.url.urlFor('api', {cors: true}, true).should.eql('//my-ghost-blog.com/ghost/api/v0.1/');
});
it('[api url] admin url is http: cors should return no protocol', function () {
configUtils.set({
url: 'http://my-ghost-blog.com',
admin: {
url: 'http://admin.ghost.example'
}
});
utils.url.urlFor('api', {cors: true}, true).should.eql('//admin.ghost.example/ghost/api/v0.1/');
});
it('[api url] admin url is https: should return with protocol', function () {
configUtils.set({
url: 'https://my-ghost-blog.com',
admin: {
url: 'https://admin.ghost.example'
}
});
utils.url.urlFor('api', {cors: true}, true).should.eql('https://admin.ghost.example/ghost/api/v0.1/');
});
it('[api url] blog url is https: should return with protocol', function () {
configUtils.set({
url: 'https://my-ghost-blog.com'
});
utils.url.urlFor('api', {cors: true}, true).should.eql('https://my-ghost-blog.com/ghost/api/v0.1/');
});
});
describe('urlPathForPost', function () {