From 7e19fe5f112c2a8f77f7db6cad2dfc15508ecef2 Mon Sep 17 00:00:00 2001
From: Lars Trieloff
Date: Tue, 20 Apr 2021 17:37:57 +0200
Subject: [PATCH 1/2] fix(embed): disable spark embeds, use universal runtime for embeds
---
 src/schemas/secrets.schema.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/schemas/secrets.schema.json b/src/schemas/secrets.schema.json
index 9c5731b38..f3b2eb3a4 100644
--- a/src/schemas/secrets.schema.json
+++ b/src/schemas/secrets.schema.json
@@ -38,7 +38,7 @@
 "EMBED_ALLOWLIST": {
 "type": "string",
 "description": "Comma-separated list of allowed hostnames for embeds. Supports `*.example.com` as a subdomain wildcard. Use `*` to allow all embeds (potentially insecure and conflicting with `DATA_EMBED_ALLOWLIST`)",
- "default": "www.youtube.com, spark.adobe.com, unsplash.com, soundcloud.com, lottiefiles.com, www.slideshare.net, vimeo.com, www.instagram.com, twitter.com, open.spotify.com, web.spotify.com, player.vimeo.com, www.linkedin.com, w.soundcloud.com, www.slideshare.net, youtu.be, media.giphy.com, video.tv.adobe.com, api.soundcloud.com, xd.adobe.com"
+ "default": "www.youtube.com, unsplash.com, soundcloud.com, lottiefiles.com, www.slideshare.net, vimeo.com, www.instagram.com, twitter.com, open.spotify.com, web.spotify.com, player.vimeo.com, www.linkedin.com, w.soundcloud.com, www.slideshare.net, youtu.be, media.giphy.com, video.tv.adobe.com, api.soundcloud.com, xd.adobe.com"
 },
 "DATA_EMBED_ALLOWLIST": {
 "type": "string",
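Review bot: The rewritten `EMBED_ALLOWLIST` default still lists `www.slideshare.net` twice; the second occurrence (after `w.soundcloud.com`) is redundant and can be dropped while this line is being edited, which keeps the allowlist easier to audit. This default decides which third-party hosts may be embedded, so the commit message should also record why `spark.adobe.com` is removed while `xd.adobe.com` and `video.tv.adobe.com` remain. The schema object continues outside the hunk.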
@@ -48,12 +48,12 @@
 "EMBED_SERVICE": {
 "type": "string",
 "description": "URL of an Embed Service that takes the appended URL and returns an embeddable HTML representation.",
- "default": "https://adobeioruntime.net/api/v1/web/helix/helix-services/embed@v1"
+ "default": "https://helix-pages.anywhere.run/helix-services/embed@v1"
 },
 "DATA_EMBED_SERVICE": {
 "type": "string",
 "description": "URL of a DataEmbed Service that takes the appended URL and returns an iterable JSON representation.",
- "default": "https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v1"
+ "default": "https://helix-pages.anywhere.run/helix-services/data-embed@v2"
 },
 "EMBED_SELECTOR": {
 "type": "string",
From 41b927603a917e7b0cad6fa19f463e1db874b094 Mon Sep 17 00:00:00 2001
From: Tobias Bocanegra
Date: Wed, 21 Apr 2021 12:14:41 +0900
Subject: [PATCH 2/2] fix(data): keep runtime for data-embed and fix tests
---
 docs/action-properties-secrets.md | 4 ++--
 docs/secrets-properties-data_embed_service.md | 2 +-
 docs/secrets-properties-embed_service.md | 2 +-
 docs/secrets.md | 4 ++--
 docs/secrets.schema.json | 2 +-
 src/schemas/secrets.schema.json | 2 +-
 test/fixtures/embeds.html | 8 ++++----
 test/testDataEmbeds.js | 2 +-
 test/testEmbedHandler.js | 2 +-
 test/testPipeWithMarkupConfig.js | 4 ++--
 10 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/docs/action-properties-secrets.md b/docs/action-properties-secrets.md
index 02aa2a96a..c142166d5 100644
--- a/docs/action-properties-secrets.md
+++ b/docs/action-properties-secrets.md
@@ -171,7 +171,7 @@ URL of an Embed Service that takes the appended URL and returns an embeddable HT
 The default value is:
 ```json
-"https://adobeioruntime.net/api/v1/web/helix/helix-services/embed@v1"
+"https://helix-pages.anywhere.run/helix-services/embed@v1"
 ```
 ## DATA_EMBED_SERVICE
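Review bot: In the `@@ -48,12 +48,12 @@` hunk of `src/schemas/secrets.schema.json` (PATCH 1/2), the `DATA_EMBED_SERVICE` default moves from `data-embed@v1` to `data-embed@v2` on the same line that changes the host, while the subject names only the runtime switch; the version bump should be stated, because anyone relying on the default presumably gets a different service version. Neither `EMBED_SERVICE` nor `DATA_EMBED_SERVICE` declares `"format": "uri"`, which `REPO_RAW_ROOT` and `CONTENT_PROXY_URL` do in the same schema, so a malformed override passes validation; adding `"format": "uri",` after `"type": "string",` on both would close that gap. The embed service's HTML response appears to be pulled into rendered pages (the tests expect an `esi:include` pointing at it), so the new default host becomes part of the page's trust boundary and is worth calling out for operators who restrict egress. The same points apply to the `DATA_EMBED_SERVICE` hunk on this file in PATCH 2/2.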
@@ -197,7 +197,7 @@ URL of a DataEmbed Service that takes the appended URL and returns an iterable J
 The default value is:
 ```json
-"https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v1"
+"https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v2"
 ```
 ## EMBED_SELECTOR
diff --git a/docs/secrets-properties-data_embed_service.md b/docs/secrets-properties-data_embed_service.md
index 8b0e865aa..799664639 100644
--- a/docs/secrets-properties-data_embed_service.md
+++ b/docs/secrets-properties-data_embed_service.md
@@ -19,5 +19,5 @@ URL of a DataEmbed Service that takes the appended URL and returns an iterable J
 The default value is:
 ```json
-"https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v1"
+"https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v2"
 ```
diff --git a/docs/secrets-properties-embed_service.md b/docs/secrets-properties-embed_service.md
index c637b44f1..cfc4c0dcf 100644
--- a/docs/secrets-properties-embed_service.md
+++ b/docs/secrets-properties-embed_service.md
@@ -19,5 +19,5 @@ URL of an Embed Service that takes the appended URL and returns an embeddable HT
 The default value is:
 ```json
-"https://adobeioruntime.net/api/v1/web/helix/helix-services/embed@v1"
+"https://helix-pages.anywhere.run/helix-services/embed@v1"
 ```
diff --git a/docs/secrets.md b/docs/secrets.md
index e9a0323d3..e1c7da2b2 100644
--- a/docs/secrets.md
+++ b/docs/secrets.md
@@ -171,7 +171,7 @@ URL of an Embed Service that takes the appended URL and returns an embeddable HT
 The default value is:
 ```json
-"https://adobeioruntime.net/api/v1/web/helix/helix-services/embed@v1"
+"https://helix-pages.anywhere.run/helix-services/embed@v1"
 ```
 ## DATA_EMBED_SERVICE
@@ -197,7 +197,7 @@ URL of a DataEmbed Service that takes the appended URL and returns an iterable J
 The default value is:
 ```json
-"https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v1"
+"https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v2"
 ```
 ## EMBED_SELECTOR
diff --git a/docs/secrets.schema.json b/docs/secrets.schema.json
index bda810fcd..9d17e4a30 100644
--- a/docs/secrets.schema.json
+++ b/docs/secrets.schema.json
@@ -1 +1 @@ -{"meta:license":["Copyright 2018 Adobe. All rights reserved.","This file is licensed to you under the Apache License, Version 2.0 (the \"License\");","you may not use this file except in compliance with the License. You may obtain a copy","of the License at http://www.apache.org/licenses/LICENSE-2.0","","Unless required by applicable law or agreed to in writing, software distributed under","the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS","OF ANY KIND, either express or implied. See the License for the specific language","governing permissions and limitations under the License."],"$id":"https://ns.adobe.com/helix/pipeline/secrets","$schema":"http://json-schema.org/draft-07/schema#","title":"Secrets","type":"object","meta:status":"stable","additionalProperties":false,"description":"Secrets passed into the pipeline such as API Keys or configuration settings.","patternProperties":{"[A-Z0-9_]+":{"type":["boolean","integer","number","string"]}},"properties":{"REPO_RAW_ROOT":{"type":"string","format":"uri","description":"The Base URL for retrieving raw text files from GitHub","default":"https://raw.githubusercontent.com/"},"REPO_API_ROOT":{"type":"string","format":"uri","description":"The base URL for all GitHub API operations","default":"https://api.github.com/"},"EMBED_ALLOWLIST":{"type":"string","description":"Comma-separated list of allowed hostnames for embeds. Supports `*.example.com` as a subdomain wildcard. 
Use `*` to allow all embeds (potentially insecure and conflicting with `DATA_EMBED_ALLOWLIST`)","default":"www.youtube.com, unsplash.com, soundcloud.com, lottiefiles.com, www.slideshare.net, vimeo.com, www.instagram.com, twitter.com, open.spotify.com, web.spotify.com, player.vimeo.com, www.linkedin.com, w.soundcloud.com, www.slideshare.net, youtu.be, media.giphy.com, video.tv.adobe.com, api.soundcloud.com, xd.adobe.com"},"DATA_EMBED_ALLOWLIST":{"type":"string","description":"Comma-separated list of allowed hostnames for data embeds. Supports `*.example.com` as a subdomain wildcard. Use `*` to allow all embeds (potentially insecure and conflicting with `EMBED_ALLOWLIST`)","default":"docs.google.com, *.sharepoint.com"},"EMBED_SERVICE":{"type":"string","description":"URL of an Embed Service that takes the appended URL and returns an embeddable HTML representation.","default":"https://adobeioruntime.net/api/v1/web/helix/helix-services/embed@v1"},"DATA_EMBED_SERVICE":{"type":"string","description":"URL of a DataEmbed Service that takes the appended URL and returns an iterable JSON representation.","default":"https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v1"},"EMBED_SELECTOR":{"type":"string","description":"Selector to be used when resolving internal embeds.","default":"embed"},"IMAGES_MIN_SIZE":{"type":"integer","description":"Minimum physical width of responsive images to generate","default":480},"HTTP_TIMEOUT":{"type":"integer","description":"Timeout for outgoing HTTP requests in milliseconds","default":1000},"HTTP_TIMEOUT_EXTERNAL":{"type":"integer","description":"Timeout for outgoing HTTP requests to external services in milliseconds","default":20000},"TEST_BOOLEAN":{"type":"boolean","default":true},"XML_PRETTY":{"type":"boolean","description":"Print XML with line breaks and indentation","default":true},"SANITIZE_DOM":{"type":"boolean","description":"Sanitize the HTML output to guard against XSS attacks. 
\n\n**Note:** this flag applies a pretty aggressive DOM filtering that will strip out a lot of HTML that your authors might find useful. The setting is meant for processing truly untrusted inputs, such as comments in a social media site.","default":false},"RESOLVE_GITREF_SERVICE":{"type":"string","description":"API endpoint or action name to the service that resolves github refs to commit SHAs.","default":""},"GITHUB_TOKEN":{"type":"string","description":"GitHub access token to use while fetching markdown. See https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line.","default":""},"CONTENT_PROXY_URL":{"type":"string","format":"uri","description":"URL of the content proxy service."}}} +{"meta:license":["Copyright 2018 Adobe. All rights reserved.","This file is licensed to you under the Apache License, Version 2.0 (the \"License\");","you may not use this file except in compliance with the License. You may obtain a copy","of the License at http://www.apache.org/licenses/LICENSE-2.0","","Unless required by applicable law or agreed to in writing, software distributed under","the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS","OF ANY KIND, either express or implied. 
See the License for the specific language","governing permissions and limitations under the License."],"$id":"https://ns.adobe.com/helix/pipeline/secrets","$schema":"http://json-schema.org/draft-07/schema#","title":"Secrets","type":"object","meta:status":"stable","additionalProperties":false,"description":"Secrets passed into the pipeline such as API Keys or configuration settings.","patternProperties":{"[A-Z0-9_]+":{"type":["boolean","integer","number","string"]}},"properties":{"REPO_RAW_ROOT":{"type":"string","format":"uri","description":"The Base URL for retrieving raw text files from GitHub","default":"https://raw.githubusercontent.com/"},"REPO_API_ROOT":{"type":"string","format":"uri","description":"The base URL for all GitHub API operations","default":"https://api.github.com/"},"EMBED_ALLOWLIST":{"type":"string","description":"Comma-separated list of allowed hostnames for embeds. Supports `*.example.com` as a subdomain wildcard. Use `*` to allow all embeds (potentially insecure and conflicting with `DATA_EMBED_ALLOWLIST`)","default":"www.youtube.com, unsplash.com, soundcloud.com, lottiefiles.com, www.slideshare.net, vimeo.com, www.instagram.com, twitter.com, open.spotify.com, web.spotify.com, player.vimeo.com, www.linkedin.com, w.soundcloud.com, www.slideshare.net, youtu.be, media.giphy.com, video.tv.adobe.com, api.soundcloud.com, xd.adobe.com"},"DATA_EMBED_ALLOWLIST":{"type":"string","description":"Comma-separated list of allowed hostnames for data embeds. Supports `*.example.com` as a subdomain wildcard. 
Use `*` to allow all embeds (potentially insecure and conflicting with `EMBED_ALLOWLIST`)","default":"docs.google.com, *.sharepoint.com"},"EMBED_SERVICE":{"type":"string","description":"URL of an Embed Service that takes the appended URL and returns an embeddable HTML representation.","default":"https://helix-pages.anywhere.run/helix-services/embed@v1"},"DATA_EMBED_SERVICE":{"type":"string","description":"URL of a DataEmbed Service that takes the appended URL and returns an iterable JSON representation.","default":"https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v2"},"EMBED_SELECTOR":{"type":"string","description":"Selector to be used when resolving internal embeds.","default":"embed"},"IMAGES_MIN_SIZE":{"type":"integer","description":"Minimum physical width of responsive images to generate","default":480},"HTTP_TIMEOUT":{"type":"integer","description":"Timeout for outgoing HTTP requests in milliseconds","default":1000},"HTTP_TIMEOUT_EXTERNAL":{"type":"integer","description":"Timeout for outgoing HTTP requests to external services in milliseconds","default":20000},"TEST_BOOLEAN":{"type":"boolean","default":true},"XML_PRETTY":{"type":"boolean","description":"Print XML with line breaks and indentation","default":true},"SANITIZE_DOM":{"type":"boolean","description":"Sanitize the HTML output to guard against XSS attacks. \n\n**Note:** this flag applies a pretty aggressive DOM filtering that will strip out a lot of HTML that your authors might find useful. The setting is meant for processing truly untrusted inputs, such as comments in a social media site.","default":false},"RESOLVE_GITREF_SERVICE":{"type":"string","description":"API endpoint or action name to the service that resolves github refs to commit SHAs.","default":""},"GITHUB_TOKEN":{"type":"string","description":"GitHub access token to use while fetching markdown. 
See https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line.","default":""},"CONTENT_PROXY_URL":{"type":"string","format":"uri","description":"URL of the content proxy service."}}}
diff --git a/src/schemas/secrets.schema.json b/src/schemas/secrets.schema.json
index f3b2eb3a4..43ffde861 100644
--- a/src/schemas/secrets.schema.json
+++ b/src/schemas/secrets.schema.json
@@ -53,7 +53,7 @@
 "DATA_EMBED_SERVICE": {
 "type": "string",
 "description": "URL of a DataEmbed Service that takes the appended URL and returns an iterable JSON representation.",
- "default": "https://helix-pages.anywhere.run/helix-services/data-embed@v2"
+ "default": "https://adobeioruntime.net/api/v1/web/helix/helix-services/data-embed@v2"
 },
 "EMBED_SELECTOR": {
 "type": "string",
diff --git a/test/fixtures/embeds.html b/test/fixtures/embeds.html
index bcc442b72..6261e7984 100644
--- a/test/fixtures/embeds.html
+++ b/test/fixtures/embeds.html
@@ -3,7 +3,7 @@

Hello “World”

Gatsby-Style-Embeds

+ src="https://helix-pages.anywhere.run/helix-services/embed@v1/https://www.youtube.com/embed/2Xc9gXyf2G4"> video: https://www.youtube.com/embed/2Xc9gXyf2G4

@@ -12,7 +12,7 @@

Gatsby-Style-Embeds

video: http foo bar looks interesting, but doesn’t work either.

+ src="https://helix-pages.anywhere.run/helix-services/embed@v1/https://www.youtube.com/watch?v=KOxbO0EI4MA">

Link + Image-Style Embeds Audi R8is just an image.

Image-Style Embeds

+ src="https://helix-pages.anywhere.run/helix-services/embed@v1/https://www.youtube.com/watch?v=KOxbO0EI4MA">

@@ -37,7 +37,7 @@

Image-Style Embeds

is on a paragraph of its own.

IA Writer-Style Embeds

+ src="https://helix-pages.anywhere.run/helix-services/embed@v1/https://www.youtube.com/watch?v=KOxbO0EI4MA">

https://www.youtube.com/watch?v=KOxbO0EI4MA

diff --git a/test/testDataEmbeds.js b/test/testDataEmbeds.js
index caff6c83f..3a707b76f 100644
--- a/test/testDataEmbeds.js
+++ b/test/testDataEmbeds.js
@@ -547,7 +547,7 @@ describe('Integration Test with Data Embeds (version locked)', () => {
 action.versionLock = new VersionLock({
 __ow_headers: {
- 'x-ow-version-lock': 'data-embed=data-embed@v1.2.3',
+ 'x-ow-version-lock': 'data-embed=v1.2.3',
 },
 });
 action.downloader = new Downloader(context, action, { forceHttp1: true });
diff --git a/test/testEmbedHandler.js b/test/testEmbedHandler.js
index 49b1b37ab..47c3a3529 100644
--- a/test/testEmbedHandler.js
+++ b/test/testEmbedHandler.js
@@ -86,7 +86,7 @@ describe('Test Embed Handler', () => {
 await coerce(action);
 embed(action.secrets)((_, tagname, parameters, children) => {
- assert.equal(parameters.src, 'https://adobeioruntime.net/api/v1/web/helix/helix-services/embed@v1/https://www.example.com/');
+ assert.equal(parameters.src, 'https://helix-pages.anywhere.run/helix-services/embed@v1/https://www.example.com/');
 assert.equal(children, undefined);
 assert.equal(tagname, 'esi:include');
 }, node);
diff --git a/test/testPipeWithMarkupConfig.js b/test/testPipeWithMarkupConfig.js
index cf0e3cd3d..0f9216747 100644
--- a/test/testPipeWithMarkupConfig.js
+++ b/test/testPipeWithMarkupConfig.js
@@ -240,13 +240,13 @@ https://soundcloud.com/mariamamermounib/el-ghasala?in=mariamamermounib/sets/mari
 `
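Review bot: In the `test/testEmbedHandler.js` hunk the expected `parameters.src` repeats the default service URL as a literal, which is why this commit has to edit the test when only the schema default changed. Assuming `coerce(action)` fills in the schema defaults, deriving the expectation from configuration would keep the assertion tied to the value under test: `assert.strictEqual(parameters.src, action.secrets.EMBED_SERVICE + '/https://www.example.com/');`. The case also covers only a target URL without a query string or fragment; because the target is appended to the service URL as-is, a second case with a `?query` would pin how such input is forwarded to the embed service. The test body starts and ends outside the hunk.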

from github.

-        
+        
         
           

https://www.youtube.com/watch?v=dQw4w9WgXcQ

And here is something from Soundcloud

- +

https://soundcloud.com/mariamamermounib/el-ghasala?in=mariamamermounib/sets/mariam-amer-mounib-amel-eh-fe

`); });