Files
emdash-cms--emdash/packages/core/tests/unit/astro/request-context-toolbar-cache.test.ts
wehub-resource-sync b3a7f98e5a
CI / E2E Cloudflare (4/8) (push) Failing after 0s
CI / E2E Cloudflare (8/8) (push) Failing after 1s
CI / Lint (push) Failing after 1s
Auto Extract / Extract (push) Failing after 4s
CI / Version Check (push) Failing after 9s
CI / Integration Tests (push) Failing after 1s
CI / E2E tests (1/8) (push) Failing after 1s
CI / E2E tests (2/8) (push) Failing after 2s
CI / E2E tests (3/8) (push) Failing after 2s
CI / Browser Tests (push) Failing after 1s
CI / E2E tests (5/8) (push) Failing after 1s
CI / E2E Cloudflare (2/8) (push) Failing after 2s
CI / Typecheck (push) Failing after 1s
CI / Changeset Validation (push) Failing after 2s
CI / E2E Cloudflare (5/8) (push) Failing after 1s
CI / E2E Cloudflare (6/8) (push) Failing after 1s
CI / E2E Cloudflare (7/8) (push) Failing after 1s
CodeQL / Analyze (javascript-typescript) (push) Failing after 1s
Format / Format (push) Failing after 0s
CodeQL / Analyze (actions) (push) Failing after 4s
CI / E2E tests (4/8) (push) Failing after 1s
CI / E2E tests (6/8) (push) Failing after 1s
CI / E2E tests (7/8) (push) Failing after 2s
CI / E2E tests (8/8) (push) Failing after 1s
CI / E2E Cloudflare (1/8) (push) Failing after 1s
CI / E2E Cloudflare (3/8) (push) Failing after 2s
Preview Releases / Publish Preview (push) Failing after 0s
zizmor / Run zizmor (push) Failing after 1s
Release / Release (push) Failing after 2s
CI / Smoke Tests (push) Failing after 5m36s
CI / Tests (push) Failing after 6m36s
Release / Sync Templates (push) Has been skipped
CI / E2E Tests (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:23:53 +08:00

65 lines
2.3 KiB
TypeScript

/**
* Regression tests for issue #1398: the editor-toolbar injection path did not
* set `Cache-Control: private, no-store`, unlike the preview path. On a site
* fronted by a shared cache, a logged-in editor merely browsing the public site
* primed the edge cache with toolbar-bearing HTML that was then served to all
* anonymous visitors — leaking the toolbar markup and the fact a session was
* active.
*
* The fix sets `Cache-Control: private, no-store` on any toolbar-injected
* response (centralized in `injectToolbar`), mirroring the preview branch.
*/
import { describe, it, expect, vi } from "vitest";
vi.mock("astro:middleware", () => ({
defineMiddleware: (handler: unknown) => handler,
}));
import onRequest from "../../../src/astro/middleware/request-context.js";
/** A public-page request from a logged-in editor with no edit cookie / preview token. */
function editorRequestContext(pathname = "/blog") {
return {
request: new Request(`https://example.com${pathname}`),
url: new URL(`https://example.com${pathname}`),
cookies: { get: vi.fn(() => undefined), set: vi.fn() },
locals: { user: { id: "u1", role: 30 } },
cache: { set: vi.fn() },
} as unknown as Parameters<typeof onRequest>[0];
}
describe("editor toolbar injection cache headers (issue #1398)", () => {
it("sets Cache-Control: private, no-store on toolbar-injected HTML", async () => {
const context = editorRequestContext();
const response = await onRequest(
context,
async () =>
new Response("<html><body>hello</body></html>", {
headers: { "content-type": "text/html" },
}),
);
const body = await response.text();
// Confirm we are on the actual-injection path, not an early return.
expect(body).toContain('id="emdash-toolbar"');
expect(response.headers.get("Cache-Control")).toBe("private, no-store");
});
it("does not force no-store on non-HTML responses (no toolbar injected)", async () => {
const context = editorRequestContext("/api/data.json");
const response = await onRequest(
context,
async () =>
new Response('{"ok":true}', {
headers: { "content-type": "application/json" },
}),
);
// No toolbar was injected, so the response is not session-specific and
// must retain its original cacheability.
expect(response.headers.get("Cache-Control")).toBeNull();
});
});