
TheIntern test framework asynchronous setup

As part of my project I am using https://github.com/theintern/intern/ to run unit and functional tests.

In one of my tests I am testing the server implementation of the JSON Rest API. I need this implementation to work with the Dojo JSON Rest client ( http://dojotoolkit.org/reference-guide/1.10/dojo/store/JsonRest.html ).

Therefore I am trying to manually trigger the XHRs that Dojo Store is supposed to do. However, I do not know how to get around the CSRF protection in the browser since I could not find a way to integrate my server implementation (that I wish to test) with the web server found inside the Intern framework.

Intern webserver runs at http://localhost:9000 and my JSON Rest Store is at http://localhost:3000, hence CSRF browser protection triggers.

Normally the page needing to do XHR across servers needs some sort of CSRF token/cookie authorization from the original server. How can I perform this with the Intern? If I need to obtain this authorization from the JSON REST API server implementation, then my server won't work as a REST implementation because I need to track state. Am I getting this right?

In my application proper (production server) this is not a problem because the server implementation of the JSON Rest API is also serving the static HTML page that initiates the XHR.

UPDATE: I've found a guide about stateless CSRF protection: http://appsandsecurity.blogspot.de/2012/01/stateless-csrf-protection.html . Still, I need to test this and see how it applies to Dojo JSON Rest stores.

I've heard you can disable CSRF protections in some browsers, if you need that for development. However, that protection is a very crucial thing; without it, AJAX requests would be too dangerous to allow the pages to use them...

Both your web application and REST channel must be on the same IP and same port. If you have 2 separate servers, the way to achieve it is using a proxy server. Either one of the servers offers such functionality, or you use a third (like Apache) to proxy calls to both servers.

I'm using Apache HTTPD with mod_proxy. I store the client code (html and js) on Apache, and I redirect the calls to rest services using config defined in httpd.conf:

ProxyPass /myapp/rest/ http://localhost:9000/myapp/rest/

Your rest channel will then be available (if your Apache server listens on localhost:3000) under http://localhost:3000/myapp/rest, and the application (JS) can refer to it under /myapp/rest.

Of course, you first need to uncomment the lines activating mod_proxy:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
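
The single-origin arrangement the answer describes, as an added JavaScript example that is not part of the original thread or of Intern: one front proxy routes /myapp/rest/ to the REST server and everything else to Intern, so the test page and its XHRs share an origin. Ports 3000 and 9000 follow the question; port 8080 and the names `sameOrigin`, `targetFor` and `forward` are assumptions made for illustration.

```javascript
// Added example, not from the original post. Ports 3000 and 9000 and the
// /myapp/rest/ prefix are from the thread; port 8080 is an assumption.
const REST_PREFIX = '/myapp/rest/';
const UPSTREAMS = {
  rest: 'http://localhost:3000',   // JSON REST server under test
  intern: 'http://localhost:9000', // Intern's built-in web server
};

// The browser treats two URLs as same-origin only if scheme, host and port match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Map a request target to an upstream URL, like a ProxyPass rule.
function targetFor(reqUrl) {
  const u = new URL(reqUrl, 'http://placeholder.invalid'); // normalizes ../
  const base = u.pathname.startsWith(REST_PREFIX) ? UPSTREAMS.rest : UPSTREAMS.intern;
  const target = new URL(base);
  target.pathname = u.pathname; // set fields only, so the client cannot pick the host
  target.search = u.search;
  return target;
}

// Forward one request to its upstream and stream the response back.
function forward(http, req, res) {
  let target;
  try { target = targetFor(req.url); } catch (err) {
    res.writeHead(400);
    return res.end('Bad request');
  }
  const headers = { ...req.headers, host: target.host };
  const upstream = http.request(target, { method: req.method, headers }, (up) => {
    res.writeHead(up.statusCode, up.headers);
    up.pipe(res);
  });
  upstream.on('error', () => {
    if (!res.headersSent) res.writeHead(502);
    res.end('Bad gateway');
  });
  req.pipe(upstream);
}

// Start the proxy only when asked for: node proxy.js --listen
if (process.argv.includes('--listen')) {
  const http = require('http'); // loaded only when the proxy is started
  http.createServer((req, res) => forward(http, req, res))
    .listen(8080, '127.0.0.1', () => console.log('proxy on http://localhost:8080'));
}
```

The proxy binds to 127.0.0.1 only, which suits a test setup; the browser then loads the Intern runner from http://localhost:8080 and the store is addressed as /myapp/rest/.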

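Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you republish them, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.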
