From cd011b1a942c25dfb05ae391bd6e8ba823d721ad Mon Sep 17 00:00:00 2001
From: Tim Abbott
Date: Thu, 28 Apr 2022 11:12:17 -0700
Subject: [PATCH] ci: Verify production servers using /api/v1/server_settings.

The previous commit changed our response for the root domain on a self-hosted Zulip server containing no realms to be a 404. This made the HTTP headers verification done here less robust than would be ideal, in that one could imagine a bug that makes every URL 404 passing that test. So we instead change the check to verify the /server_settings API, which doesn't have that problem.
---
 tools/ci/production-verify | 4 ++--
 tools/ci/success-http-headers.template.txt | 9 +++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/tools/ci/production-verify b/tools/ci/production-verify
index 472d883c6c..389e8ed715 100755
--- a/tools/ci/production-verify
+++ b/tools/ci/production-verify
@@ -92,10 +92,10 @@ fi
 # TODO: Ideally this would test actually logging in, but this is a start.
 echo
-echo "Now testing that the newly installed server's homepage loads"
+echo "Now testing that the newly installed server's settings endpoint loads"
 echo
-curl -ILk https://localhost -o /tmp/http-headers
+curl -ILk https://localhost/api/v1/server_settings -o /tmp/http-headers
 grep -vi -e '^content-length:' -e '^date:' -e '^expires:' -e '^set-cookie:' /tmp/http-headers >/tmp/http-headers-processed
 nginx_version="$(nginx -v 2>&1)"
diff --git a/tools/ci/success-http-headers.template.txt b/tools/ci/success-http-headers.template.txt
index 3e6f4b1fcb..5fc4d8edd0 100644
--- a/tools/ci/success-http-headers.template.txt
+++ b/tools/ci/success-http-headers.template.txt
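Review bot: The rewritten `curl -ILk https://localhost/api/v1/server_settings` line still sends a HEAD request and only its headers are compared, so the JSON body of the endpoint the commit message sets out to verify is never inspected. A response with status 200 and the expected headers but a broken or error payload would pass; a follow-up GET that asserts on the body would close that gap, for example `curl -fsSk https://localhost/api/v1/server_settings | jq -e '.result == "success"'` if jq is present in the CI image (field name per Zulip's usual API envelope, to be confirmed). The `-k` flag disables certificate validation, so a comment such as `# -k: the fresh CI install presumably has a self-signed certificate; this check targets localhost only` would keep it from being copied into checks against real hosts. The script continues outside the hunk, so how a curl failure is handled cannot be judged from here.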
@@ -1,9 +1,14 @@
-HTTP/2 404
+HTTP/2 200
 server: {nginx_version_string}
-content-type: text/html; charset=utf-8
+content-type: application/json
 vary: Accept-Encoding
 vary: Accept-Language, Cookie
 content-language: en
 strict-transport-security: max-age=15768000
 x-frame-options: DENY
+x-content-type-options: nosniff
+x-xss-protection: 1; mode=block
+access-control-allow-origin: *
+access-control-allow-headers: Authorization
+access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, HEAD
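Review bot: The expected-headers fixture now pins `access-control-allow-origin: *` together with `access-control-allow-headers: Authorization`, and nothing records that this wildcard CORS policy is expected only because the request now targets an `/api/` URL. The template presumably cannot carry comments since it is compared against the processed headers, so the explanation belongs next to the curl call in `tools/ci/production-verify`, for example `# The expected headers include the wildcard CORS headers sent for /api/ URLs; update the template if that policy changes.` That way a later tightening of the CORS policy shows up as a deliberate fixture update, and nobody reuses this template as a baseline for non-API pages.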