search

mozilla-services / autopush

Python Web Push Server used by Mozilla
https://autopush.readthedocs.io/
Mozilla Public License 2.0
215 stars 34 forks source link

bug: compare VAPID aud to endpoint_hostname #1435

Closed jrconlin closed 3 years ago

jrconlin commented 3 years ago

Description

use endpoint_url instead of hostname for VAPID aud checks.

Testing

Provide a different endpoint_hostname instead of hostname (e.g. localhost instead of 127.0.01) and verify that only audiences using the matching host name are allowed.

Issue(s)

Closes #1434.

codecov-io commented 3 years ago

Codecov Report

:exclamation: No coverage uploaded for pull request base (master@a73c95a). Click here to learn what that means. The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #1435   +/-   ##
=========================================
  Coverage          ?   99.58%           
=========================================
  Files             ?       65           
  Lines             ?    10646           
  Branches          ?        0           
=========================================
  Hits              ?    10602           
  Misses            ?       44           
  Partials          ?        0
Impacted Files Coverage Δ
autopush/tests/test_integration.py 99.22% <100.00%> (ø)
autopush/web/webpush.py 98.50% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update a73c95a...600c851. Read the comment docs.