diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 91f76d311b..c190abdf2b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,11 +3,11 @@ class ApplicationController < ActionController::Base # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception - force_ssl if: "ENV['LOCAL_HTTPS'] == 'true'" + force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'" # Profiling before_action do - if (current_user && current_user.admin?) || Rails.env == 'development' + if (current_user && current_user.admin?) || Rails.env.development? Rack::MiniProfiler.authorize_request end end diff --git a/config/environments/production.rb b/config/environments/production.rb index 09b77654f3..e5cb01151f 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -80,4 +80,6 @@ Rails.application.configure do } config.action_mailer.delivery_method = :smtp + + config.action_cable.allowed_request_origins = ["http#{config.x.use_https ? 's' : ''}://#{config.x.local_domain}"] end diff --git a/config/initializers/ostatus.rb b/config/initializers/ostatus.rb index 056d30f49f..3cb17c7181 100644 --- a/config/initializers/ostatus.rb +++ b/config/initializers/ostatus.rb @@ -4,6 +4,4 @@ Rails.application.configure do config.x.use_https = ENV['LOCAL_HTTPS'] == 'true' config.action_mailer.default_url_options = { host: config.x.local_domain, protocol: config.x.use_https ? 'https://' : 'http://' } - - config.action_cable.allowed_request_origins = ["http#{config.x.use_https ? 's' : ''}://#{config.x.local_domain}"] end diff --git a/spec/controllers/api/salmon_controller_spec.rb b/spec/controllers/api/salmon_controller_spec.rb index 8b356640f9..785e1723b1 100644 --- a/spec/controllers/api/salmon_controller_spec.rb +++ b/spec/controllers/api/salmon_controller_spec.rb @@ -1,7 +1,7 @@ require 'rails_helper' RSpec.describe Api::SalmonController, type: :controller do - let(:account) { Fabricate(:account, username: 'catsrgr8', user: Fabricate(:user)) } + let(:account) { Fabricate(:user, account: Fabricate(:account, username: 'catsrgr8')).account } before do stub_request(:get, "https://quitter.no/.well-known/host-meta").to_return(request_fixture('.host-meta.txt')) @@ -16,6 +16,10 @@ RSpec.describe Api::SalmonController, type: :controller do post :update, params: { id: account.id } end + it 'contains XML in the request body' do + expect(request.body.read).to be_a String + end + it 'returns http success' do expect(response).to have_http_status(:success) end