Skip to content

Commit 07c32b7

Browse files
vdusekvdusek
committed
Fix tests
1 parent 839a4bd commit 07c32b7

1 file changed

Lines changed: 8 additions & 7 deletions

File tree

tests/unit/_utils/test_urls.py

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -70,22 +70,23 @@ def test_validate_http_url_rejects_non_http_scheme(invalid_url: str) -> None:
7070
@pytest.mark.parametrize(
7171
('strategy', 'origin', 'target', 'expected'),
7272
[
73-
# 'all' lets http(s) through across hosts, but rejects non-http(s) schemes
73+
# 'all' lets every URL through — scheme filtering is the caller's responsibility
7474
('all', 'https://example.com/', 'https://other.test/', True),
75-
('all', 'https://example.com/', 'gopher://internal:6379/_PING', False),
76-
('all', 'https://example.com/', 'mailto:foo@bar.com', False),
77-
('all', 'https://example.com/', 'javascript:alert(1)', False),
78-
('all', 'https://example.com/', 'ftp://example.com/', False),
75+
('all', 'https://example.com/', 'gopher://internal:6379/_PING', True),
76+
('all', 'https://example.com/', 'mailto:foo@bar.com', True),
77+
('all', 'https://example.com/', 'javascript:alert(1)', True),
78+
('all', 'https://example.com/', 'ftp://example.com/', True),
7979
# 'same-hostname' is exact host equality
8080
('same-hostname', 'https://example.com/a', 'https://example.com/b', True),
8181
('same-hostname', 'https://example.com/', 'https://www.example.com/', False),
8282
('same-hostname', 'https://example.com/', 'https://other.test/', False),
8383
('same-hostname', 'https://example.com/', 'mailto:foo@example.com', False),
84-
# 'same-domain' allows subdomains under the same registrable domain
84+
# 'same-domain' allows subdomains under the same registrable domain;
85+
# scheme is ignored — caller filters non-http(s) targets separately
8586
('same-domain', 'https://example.com/', 'https://www.example.com/', True),
8687
('same-domain', 'https://example.com/', 'https://api.example.com/', True),
8788
('same-domain', 'https://example.com/', 'https://other.test/', False),
88-
('same-domain', 'https://example.com/', 'ftp://www.example.com/', False),
89+
('same-domain', 'https://example.com/', 'ftp://www.example.com/', True),
8990
# 'same-origin' requires scheme + host + port match
9091
('same-origin', 'https://example.com/', 'https://example.com/path', True),
9192
('same-origin', 'https://example.com/', 'http://example.com/', False),

0 commit comments

Comments
 (0)