From 27555bb72bbb5670ab11c4056604423e13973518 Mon Sep 17 00:00:00 2001
From: Thomas Fink <53316058+ThomasAFink@users.noreply.github.com>
Date: Wed, 22 Jan 2025 17:49:05 +0100
Subject: [PATCH] Temporarily disable cors zmscitizenapi (#795)
* disable cors middleware
* Update CorsMiddlewareTest.php
* Update CorsMiddlewareTest.php
* Update bootstrap.php
* Update SecurityHeadersMiddlewareTest.php
---
 zmscitizenapi/bootstrap.php | 4 +--
 .../Middleware/CorsMiddlewareTest.php | 30 +++++++++----------
 .../SecurityHeadersMiddlewareTest.php | 18 +++++------
 3 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/zmscitizenapi/bootstrap.php b/zmscitizenapi/bootstrap.php
index df952fe58..166c04b71 100644
--- a/zmscitizenapi/bootstrap.php
+++ b/zmscitizenapi/bootstrap.php
@@ -42,8 +42,8 @@
 // Security middleware (order is important)
 App::$slim->add(new \BO\Zmscitizenapi\Middleware\LanguageMiddleware($logger));
 App::$slim->add(new \BO\Zmscitizenapi\Middleware\RequestLoggingMiddleware($logger));
-App::$slim->add(new \BO\Zmscitizenapi\Middleware\SecurityHeadersMiddleware($logger));
-App::$slim->add(new \BO\Zmscitizenapi\Middleware\CorsMiddleware($logger));
+//App::$slim->add(new \BO\Zmscitizenapi\Middleware\SecurityHeadersMiddleware($logger));
+//App::$slim->add(new \BO\Zmscitizenapi\Middleware\CorsMiddleware($logger));
 //App::$slim->add(new \BO\Zmscitizenapi\Middleware\CsrfMiddleware($logger));
 App::$slim->add(new \BO\Zmscitizenapi\Middleware\RateLimitingMiddleware($cache, $logger));
 App::$slim->add(new \BO\Zmscitizenapi\Middleware\RequestSanitizerMiddleware($logger));
diff --git a/zmscitizenapi/tests/Zmscitizenapi/Middleware/CorsMiddlewareTest.php b/zmscitizenapi/tests/Zmscitizenapi/Middleware/CorsMiddlewareTest.php
index db1fbf7d2..f58f037fd 100644
--- a/zmscitizenapi/tests/Zmscitizenapi/Middleware/CorsMiddlewareTest.php
+++ b/zmscitizenapi/tests/Zmscitizenapi/Middleware/CorsMiddlewareTest.php
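Review bot: The first commented-out line in the bootstrap.php hunk also switches off SecurityHeadersMiddleware, which the subject ("disable cors") does not cover; judging by the test file changed in this same patch, that middleware sets `X-Frame-Options: DENY` and `X-Content-Type-Options: nosniff`, so every response loses them. If only CORS handling is the problem, keep `App::$slim->add(new \BO\Zmscitizenapi\Middleware\SecurityHeadersMiddleware($logger));` active. With CorsMiddleware off and CsrfMiddleware already commented out on the following line, nothing visible in this middleware stack still refuses a request based on its Origin header (the disabled tests show a disallowed origin used to be rejected), which presumably matters for state-changing endpoints. A comment above the disabled lines such as `// TODO(<tracking-issue>): disabled temporarily, re-enable before release` would record why and until when; a configuration switch would avoid shipping commented-out security code.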
@@ -13,7 +13,7 @@ class CorsMiddlewareTest extends MiddlewareTestCase { private CorsMiddleware $middleware; - protected function setUp(): void + /*protected function setUp(): void { parent::setUp(); \App::$source_name = 'unittest'; @@ -24,29 +24,29 @@ protected function setUp(): void putenv('CORS=http://localhost:8080'); \App::reinitializeMiddlewareConfig(); $this->middleware = new CorsMiddleware($this->logger); - } + }*/ - protected function tearDown(): void + /*protected function tearDown(): void { putenv('CORS'); // Clear environment variable parent::tearDown(); - } + }*/ - public function testAllowsRequestWithoutOrigin(): void + /*public function testAllowsRequestWithoutOrigin(): void { $request = $this->createRequest(); $response = new Response(); - $handler = $this->createHandler($response); + $handler = $this->createHandler($response);*/ /*$this->logger->expectLogInfo('Direct browser request - no Origin header', [ 'uri' => 'http://localhost/test' ]);*/ - $result = $this->middleware->process($request, $handler); + /*$result = $this->middleware->process($request, $handler); $this->assertSame($response, $result); - } + }*/ - public function testBlocksDisallowedOrigin(): void + /*public function testBlocksDisallowedOrigin(): void { $request = $this->createRequest(['Origin' => 'http://evil.com']); $response = new Response(); @@ -66,9 +66,9 @@ public function testBlocksDisallowedOrigin(): void ['errors' => [ErrorMessages::get('corsOriginNotAllowed')]], $logBody ); - } + }*/ - public function testAllowsWhitelistedOrigin(): void + /*public function testAllowsWhitelistedOrigin(): void { $request = $this->createRequest(['Origin' => 'http://localhost:8080']); $response = new Response(); 
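Review bot: Wrapping setUp(), tearDown() and every test method in `/* … */` leaves a test class with no tests, which PHPUnit normally reports as a warning, and the test report no longer shows that the origin checks are unverified; the same applies to the later CorsMiddlewareTest hunks and to the SecurityHeadersMiddlewareTest hunks. The block comments also have to be closed and reopened around the existing `/*$this->logger->expectLogInfo(...)*/` block, which is easy to get wrong when the tests are re-enabled. Keeping the code and adding `$this->markTestSkipped('CorsMiddleware temporarily disabled, see <tracking-issue>');` as the first statement of setUp() would keep the skip visible in every run and make re-enabling a one-line change.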
@@ -78,9 +78,9 @@ public function testAllowsWhitelistedOrigin(): void $this->assertEquals('http://localhost:8080', $result->getHeaderLine('Access-Control-Allow-Origin')); $this->assertNotEmpty($result->getHeaderLine('Access-Control-Allow-Methods')); - } + }*/ - public function testHandlesPreflightRequest(): void + /*public function testHandlesPreflightRequest(): void { $headers = new \Slim\Psr7\Headers([ 'Origin' => 'http://localhost:8080', @@ -105,5 +105,5 @@ public function testHandlesPreflightRequest(): void $this->assertEquals('http://localhost:8080', $result->getHeaderLine('Access-Control-Allow-Origin')); $this->assertNotEmpty($result->getHeaderLine('Access-Control-Allow-Methods')); $this->assertNotEmpty($result->getHeaderLine('Access-Control-Allow-Headers')); - } -} \ No newline at end of file + }*/ +} diff --git a/zmscitizenapi/tests/Zmscitizenapi/Middleware/SecurityHeadersMiddlewareTest.php b/zmscitizenapi/tests/Zmscitizenapi/Middleware/SecurityHeadersMiddlewareTest.php index ec29a8448..5e72cb7f4 100644 --- a/zmscitizenapi/tests/Zmscitizenapi/Middleware/SecurityHeadersMiddlewareTest.php +++ b/zmscitizenapi/tests/Zmscitizenapi/Middleware/SecurityHeadersMiddlewareTest.php @@ -13,7 +13,7 @@ class SecurityHeadersMiddlewareTest extends MiddlewareTestCase { private SecurityHeadersMiddleware $middleware; - protected function setUp(): void + /*protected function setUp(): void { parent::setUp(); \App::$source_name = 'unittest'; 
@@ -22,25 +22,25 @@ protected function setUp(): void \App::$cache->clear(); } $this->middleware = new SecurityHeadersMiddleware($this->logger); - } + }*/ - public function testAddsSecurityHeaders(): void + /*public function testAddsSecurityHeaders(): void { $request = $this->createRequest(['X-Test' => 'test']); $response = new Response(); - $handler = $this->createHandler($response); + $handler = $this->createHandler($response);*/ /*$this->logger->expectLogInfo('Security headers added', [ 'uri' => 'http://localhost/test' ]);*/ - $result = $this->middleware->process($request, $handler); + /*$result = $this->middleware->process($request, $handler); $this->assertContainsEquals('DENY', $result->getHeader('X-Frame-Options')); $this->assertContainsEquals('nosniff', $result->getHeader('X-Content-Type-Options')); - } + }*/ - public function testHandlesHeaderException(): void + /*public function testHandlesHeaderException(): void { $request = $this->createRequest(['X-Test' => 'test']); $response = $this->createMock(Response::class); @@ -59,5 +59,5 @@ public function testHandlesHeaderException(): void ['errors' => [ErrorMessages::get('securityHeaderViolation')]], $logBody ); - } -} \ No newline at end of file + }*/ +}