CalvinBackup/iD
1
0
Fork 0
mirror of https://github.com/FoggedLens/iD.git synced 2026-02-13 01:02:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Sanitize Amazon CloudFront signature in imagery_used (#10007)

Browse Source
This commit is contained in:
Excitable Snowball
2023-12-06 03:40:15 -08:00
committed by GitHub
parent 1e1c07c733
commit 4bf79e9f1a
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/renderer/background_source.js
View File

@@ -583,7 +583,7 @@ rendererBackgroundSource.Custom = function(template) {
var parts = cleaned.split('?', 2);
var qs = utilStringQs(parts[1]);
['access_token', 'connectId', 'token'].forEach(function(param) {
['access_token', 'connectId', 'token', 'Signature'].forEach(function(param) {
if (qs[param]) {
qs[param] = '{apikey}';
}

4
test/spec/renderer/background_source.js
View File

@@ -92,6 +92,10 @@ describe('iD.rendererBackgroundSource.Custom', function() {
var source = iD.rendererBackgroundSource.Custom('http://example.com?token=MYTOKEN');
expect(source.imageryUsed()).to.eql('Custom (http://example.com?token={apikey} )');
});
it('sanitizes `Signature` for CloudFront', function() {
var source = iD.rendererBackgroundSource.Custom('https://example.com/?Key-Pair-Id=foo&Policy=bar&Signature=baz');
expect(source.imageryUsed()).to.eql('Custom (https://example.com/?Key-Pair-Id=foo&Policy=bar&Signature={apikey} )');
});
it('sanitizes wms path `token`', function() {
var source = iD.rendererBackgroundSource.Custom('http://example.com/wms/v1/token/MYTOKEN/1.0.0/layer');
expect(source.imageryUsed()).to.eql('Custom (http://example.com/wms/v1/token/{apikey}/1.0.0/layer )');