lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/scripts/test-iframe-newtab.sh
Dorian e3aa95a103 fix: prevent tokio runtime deadlock in credential issue/verify 
The credential issuance and verification handlers used
Handle::block_on() directly inside the tokio runtime, causing a
deadlock. Wrapped with block_in_place() to properly yield the
runtime thread.

Also completed full feature verification across all 25 test groups
(~175 checks) on live server.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 07:43:12 +00:00

120 lines
3.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -euo pipefail
# TEST-203: iframe/new-tab verification for all apps.
# Checks X-Frame-Options headers and verifies mustOpenInNewTab() mapping.
SSH_KEY="${ARCHIPELAGO_SSH_KEY:-$HOME/.ssh/archipelago-deploy}"
TARGET="archipelago@192.168.1.228"
SSH_CMD="ssh -i $SSH_KEY -o StrictHostKeyChecking=no $TARGET"
# Apps that MUST open in new tab (X-Frame-Options: DENY or SAMEORIGIN)
MUST_NEW_TAB="btcpay-server homeassistant nextcloud immich"
# All apps and their ports for checking
declare -A APP_PORTS=(
[bitcoin-knots]="8332"
[electrs]="50001"
[btcpay-server]="23000"
[lnd]="8080"
[mempool]="18080"
[homeassistant]="8123"
[grafana]="3033"
[searxng]="18888"
[ollama]="11434"
[onlyoffice]="8044"
[penpot]="9001"
[nextcloud]="8085"
[vaultwarden]="8099"
[jellyfin]="8096"
[photoprism]="2342"
[immich]="2283"
[filebrowser]="18082"
[nginx-proxy-manager]="8181"
[portainer]="9443"
[uptime-kuma]="3001"
[fedimint]="8174"
)
PASS=0
FAIL=0
SKIP=0
RESULTS=()
log() { echo -e "\033[1;34m[TEST]\033[0m $*"; }
pass() { echo -e "\033[1;32m[PASS]\033[0m $*"; PASS=$((PASS + 1)); RESULTS+=("PASS: $*"); }
fail() { echo -e "\033[1;31m[FAIL]\033[0m $*"; FAIL=$((FAIL + 1)); RESULTS+=("FAIL: $*"); }
skip() { echo -e "\033[1;33m[SKIP]\033[0m $*"; SKIP=$((SKIP + 1)); RESULTS+=("SKIP: $*"); }
check_app() {
local app_id="$1"
local port="${APP_PORTS[$app_id]}"
local should_newtab=false
for nt in $MUST_NEW_TAB; do
if [ "$nt" = "$app_id" ]; then
should_newtab=true
break
fi
done
# Check if port responds
local headers
headers=$($SSH_CMD "curl -sI --connect-timeout 5 http://localhost:$port/ 2>/dev/null" || echo "")
if [ -z "$headers" ]; then
skip "$app_id (port $port) — not responding (app may not be running)"
return
fi
# Check X-Frame-Options header
local xfo
xfo=$(echo "$headers" | grep -i "x-frame-options" | head -1 | tr -d '\r' || echo "")
local csp_frame
csp_frame=$(echo "$headers" | grep -i "content-security-policy" | grep -i "frame-ancestors" | head -1 | tr -d '\r' || echo "")
local blocks_iframe=false
if echo "$xfo" | grep -qi "deny\|sameorigin"; then
blocks_iframe=true
fi
if echo "$csp_frame" | grep -qi "frame-ancestors.*none\|frame-ancestors.*self"; then
blocks_iframe=true
fi
if [ "$blocks_iframe" = true ]; then
if [ "$should_newtab" = true ]; then
pass "$app_id — correctly marked as new-tab (blocks iframe: $xfo)"
else
fail "$app_id — blocks iframe ($xfo) but NOT in mustOpenInNewTab()"
fi
else
if [ "$should_newtab" = true ]; then
log " INFO: $app_id is in mustOpenInNewTab() but doesn't block iframes (safe to keep)"
pass "$app_id — marked as new-tab (conservative, OK)"
else
pass "$app_id — loads in iframe OK (no frame restrictions)"
fi
fi
}
main() {
log "=== iframe/new-tab Verification Test ==="
echo ""
for app_id in $(echo "${!APP_PORTS[@]}" | tr ' ' '\n' | sort); do
check_app "$app_id"
done
echo ""
log "=== RESULTS ==="
for r in "${RESULTS[@]}"; do
echo " $r"
done
echo ""
log "Pass: $PASS | Fail: $FAIL | Skip: $SKIP"
[ $FAIL -gt 0 ] && exit 1
exit 0
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink