| blob | c07df5dd2c40d8eef01d38f47135b46dc1715b6c |
2 var assert = require('assert')
3 var express = require('..');
4 var request = require('supertest');
5 var utils = require('./support/utils');
7 describe('res', function(){
8 describe('.redirect(url)', function(){
9 it('should default to a 302 redirect', function(done){
10 var app = express();
12 app.use(function(req, res){
13 res.redirect('http://google.com');
14 });
16 request(app)
17 .get('/')
18 .expect('location', 'http://google.com')
19 .expect(302, done)
20 })
22 it('should encode "url"', function (done) {
23 var app = express()
25 app.use(function (req, res) {
26 res.redirect('https://google.com?q=\u2603 ยง10')
27 })
29 request(app)
30 .get('/')
31 .expect('Location', 'https://google.com?q=%E2%98%83%20%C2%A710')
32 .expect(302, done)
33 })
35 it('should not touch already-encoded sequences in "url"', function (done) {
36 var app = express()
38 app.use(function (req, res) {
39 res.redirect('https://google.com?q=%A710')
40 })
42 request(app)
43 .get('/')
44 .expect('Location', 'https://google.com?q=%A710')
45 .expect(302, done)
46 })
47 })
49 describe('.redirect(status, url)', function(){
50 it('should set the response status', function(done){
51 var app = express();
53 app.use(function(req, res){
54 res.redirect(303, 'http://google.com');
55 });
57 request(app)
58 .get('/')
59 .expect('Location', 'http://google.com')
60 .expect(303, done)
61 })
62 })
64 describe('.redirect(url, status)', function(){
65 it('should set the response status', function(done){
66 var app = express();
68 app.use(function(req, res){
69 res.redirect('http://google.com', 303);
70 });
72 request(app)
73 .get('/')
74 .expect('Location', 'http://google.com')
75 .expect(303, done)
76 })
77 })
79 describe('when the request method is HEAD', function(){
80 it('should ignore the body', function(done){
81 var app = express();
83 app.use(function(req, res){
84 res.redirect('http://google.com');
85 });
87 request(app)
88 .head('/')
89 .expect(302)
90 .expect('Location', 'http://google.com')
91 .expect(shouldNotHaveBody())
92 .end(done)
93 })
94 })
96 describe('when accepting html', function(){
97 it('should respond with html', function(done){
98 var app = express();
100 app.use(function(req, res){
101 res.redirect('http://google.com');
102 });
104 request(app)
105 .get('/')
106 .set('Accept', 'text/html')
107 .expect('Content-Type', /html/)
108 .expect('Location', 'http://google.com')
109 .expect(302, '<p>Found. Redirecting to <a href="http://google.com">http://google.com</a></p>', done)
110 })
112 it('should escape the url', function(done){
113 var app = express();
115 app.use(function(req, res){
116 res.redirect('<la\'me>');
117 });
119 request(app)
120 .get('/')
121 .set('Host', 'http://example.com')
122 .set('Accept', 'text/html')
123 .expect('Content-Type', /html/)
124 .expect('Location', '%3Cla\'me%3E')
125 .expect(302, '<p>Found. Redirecting to <a href="%3Cla'me%3E">%3Cla'me%3E</a></p>', done)
126 })
128 it('should include the redirect type', function(done){
129 var app = express();
131 app.use(function(req, res){
132 res.redirect(301, 'http://google.com');
133 });
135 request(app)
136 .get('/')
137 .set('Accept', 'text/html')
138 .expect('Content-Type', /html/)
139 .expect('Location', 'http://google.com')
140 .expect(301, '<p>Moved Permanently. Redirecting to <a href="http://google.com">http://google.com</a></p>', done);
141 })
142 })
144 describe('when accepting text', function(){
145 it('should respond with text', function(done){
146 var app = express();
148 app.use(function(req, res){
149 res.redirect('http://google.com');
150 });
152 request(app)
153 .get('/')
154 .set('Accept', 'text/plain, */*')
155 .expect('Content-Type', /plain/)
156 .expect('Location', 'http://google.com')
157 .expect(302, 'Found. Redirecting to http://google.com', done)
158 })
160 it('should encode the url', function(done){
161 var app = express();
163 app.use(function(req, res){
164 res.redirect('http://example.com/?param=<script>alert("hax");</script>');
165 });
167 request(app)
168 .get('/')
169 .set('Host', 'http://example.com')
170 .set('Accept', 'text/plain, */*')
171 .expect('Content-Type', /plain/)
172 .expect('Location', 'http://example.com/?param=%3Cscript%3Ealert(%22hax%22);%3C/script%3E')
173 .expect(302, 'Found. Redirecting to http://example.com/?param=%3Cscript%3Ealert(%22hax%22);%3C/script%3E', done)
174 })
176 it('should include the redirect type', function(done){
177 var app = express();
179 app.use(function(req, res){
180 res.redirect(301, 'http://google.com');
181 });
183 request(app)
184 .get('/')
185 .set('Accept', 'text/plain, */*')
186 .expect('Content-Type', /plain/)
187 .expect('Location', 'http://google.com')
188 .expect(301, 'Moved Permanently. Redirecting to http://google.com', done);
189 })
190 })
192 describe('when accepting neither text or html', function(){
193 it('should respond with an empty body', function(done){
194 var app = express();
196 app.use(function(req, res){
197 res.redirect('http://google.com');
198 });
200 request(app)
201 .get('/')
202 .set('Accept', 'application/octet-stream')
203 .expect(302)
204 .expect('location', 'http://google.com')
205 .expect('content-length', '0')
206 .expect(utils.shouldNotHaveHeader('Content-Type'))
207 .expect(shouldNotHaveBody())
208 .end(done)
209 })
210 })
211 })
213 function shouldNotHaveBody () {
214 return function (res) {
215 assert.ok(res.text === '' || res.text === undefined)
216 }
217 }