UNPKG

actionhero

Version:

The reusable, scalable, and quick node.js API server for stateless and stateful applications

www.actionherojs.com

actionhero/actionhero

58 lines (51 loc) 1.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import axios, { AxiosError } from "axios"; import { Process, config } from "./../../../src/index"; const actionhero = new Process(); let url: string; jest.mock("./../../../src/config/web.ts", () => ({ __esModule: true, test: { web: () => { return { enabled: true, automaticRoutes: ["get", "post"], secure: false, urlPathForActions: "api", urlPathForFiles: "public", rootEndpointType: "file", port: 18080 + parseInt(process.env.JEST_WORKER_ID || "0"), matchExtensionMime: true, metadataOptions: { serverInformation: true, requesterInformation: false, }, fingerprintOptions: { cookieKey: "sessionID", }, }; }, }, })); describe("Server: Web", () => { beforeAll(async () => { await actionhero.start(); url = "http://localhost:" + config.web!.port; }); afterAll(async () => await actionhero.stop()); describe("JSONp", () => { test("can ask for JSONp responses", async () => { const response = await axios.get( url + "/api/randomNumber?callback=myCallback", ); expect(response.data).toContain("myCallback({"); expect(response.data).toContain("Your random number is"); }); test("JSONp responses cannot be used for XSS", async () => { const response = await axios.get( url + "/api/randomNumber?callback=alert(%27hi%27);foo", ); expect(response.data).not.toMatch(/alert\(/); expect(response.data.indexOf("alert'hi';foo(")).toEqual(0); }); }); });