From 4c690f7089180311614f70e43952372c028a6dc4 Mon Sep 17 00:00:00 2001 From: Robin Ward Date: Mon, 22 May 2017 16:42:19 -0400 Subject: [PATCH] Use `FinalDestination` to ensure public redirects for onebox --- config/initializers/100-onebox_options.rb | 3 ++- lib/oneboxer.rb | 7 +++++-- spec/components/final_destination_spec.rb | 7 +++++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/config/initializers/100-onebox_options.rb b/config/initializers/100-onebox_options.rb index 81e4c93fde1..9726a5aadcf 100644 --- a/config/initializers/100-onebox_options.rb +++ b/config/initializers/100-onebox_options.rb @@ -1,5 +1,6 @@ require_dependency 'twitter_api' Onebox.options = { - twitter_client: TwitterApi + twitter_client: TwitterApi, + redirect_limit: 1 } diff --git a/lib/oneboxer.rb b/lib/oneboxer.rb index c117331f229..d90475c36b7 100644 --- a/lib/oneboxer.rb +++ b/lib/oneboxer.rb @@ -1,4 +1,6 @@ -require_dependency "#{Rails.root}/lib/onebox/discourse_onebox_sanitize_config" +require_dependency "onebox/discourse_onebox_sanitize_config" +require_dependency 'final_destination' + Dir["#{Rails.root}/lib/onebox/engine/*_onebox.rb"].sort.each { |f| require f } module Oneboxer @@ -140,8 +142,9 @@ module Oneboxer end def self.onebox_raw(url) + Rails.cache.fetch(onebox_cache_key(url), expires_in: 1.day) do - uri = URI(url) rescue nil + uri = FinalDestination.new(url).resolve return blank_onebox if uri.blank? || SiteSetting.onebox_domains_blacklist.include?(uri.hostname) options = { cache: {}, max_width: 695, sanitize_config: Sanitize::Config::DISCOURSE_ONEBOX } r = Onebox.preview(url, options) diff --git a/spec/components/final_destination_spec.rb b/spec/components/final_destination_spec.rb index 0b4aed46b14..78c4473d3fc 100644 --- a/spec/components/final_destination_spec.rb +++ b/spec/components/final_destination_spec.rb @@ -19,8 +19,11 @@ describe FinalDestination do end before do - FinalDestination.stubs(:lookup_ip) do |host| - end + WebMock.reset! + end + + after do + WebMock.reset! end let(:doc_response) do