Move address bar spoofing server routes out of server.js (#180)

* Change from PDF download to DMG download with 302 redirect. This specific test case was not implemented correctly, instead we need a 302 redirect with a different binary format since PDFs render inside the browser instead of forcing downloads. * Single quotify. * Move security routes out of server.js. * Whitespace fix.
duckduckgo · Dec 20, 2023 · 5b3f123 · 5b3f123
1 parent af7fc86
commit 5b3f123
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/security/address-bar-spoofing/server/routes.js b/security/address-bar-spoofing/server/routes.js
@@ -0,0 +1,10 @@
+const express = require('express');
+const router = express.Router();
+
+// Returns a 301 redirect to a download link of our browser
+// for use in the download path test
+router.get('/download-redirect', (req, res) => {
+    res.redirect(301, 'https://staticcdn.duckduckgo.com/macos-desktop-browser/duckduckgo.dmg');
+});
+
+module.exports = router;
diff --git a/server.js b/server.js
@@ -280,3 +280,6 @@ app.use('/features/client-hints', chRoutes);
 
 const clearDataRoutes = require('./features/clear-data/server/routes.js');
 app.use('/features/clear-data', clearDataRoutes);
+
+const addressBarSpoofingRoutes = require('./security/address-bar-spoofing/server/routes.js');
+app.use('/security/address-bar-spoofing', addressBarSpoofingRoutes);