Add local 301 redirect for address bar spoofing test case. (#179)

* Add local 301 redirect for address bar spoofing test case instead of relying on third party site. This specific test case was not implemented correctly, instead we need a 301 redirect with a different binary format since PDFs render inside the browser instead of forcing downloads. * Single quotify.
duckduckgo · Dec 20, 2023 · af7fc86 · af7fc86
1 parent 7f1dcae
commit af7fc86
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/security/address-bar-spoofing/spoof-js-download-url.html b/security/address-bar-spoofing/spoof-js-download-url.html
@@ -11,7 +11,7 @@
       const w = open()
       w.opener = null
       w.document.write('<h1>Not DDG.</h1>')
-      w.location = 'https://tyny.to/s509a8'
+      w.location = '/security/address-bar-spoofing/download-redirect'
     }
   </script>
 </head>

diff --git a/server.js b/server.js
@@ -255,6 +255,12 @@ app.get('/redirect', (req, res) => {
     res.end();
 });
 
+// Returns a 301 redirect to a download link of our browser
+// for use in the address bar spoofing test
+app.get('/security/address-bar-spoofing/download-redirect', (req, res) => {
+    res.redirect(301, 'https://staticcdn.duckduckgo.com/macos-desktop-browser/duckduckgo.dmg');
+});
+
 app.use('/content-scope-scripts/', express.static('node_modules/@duckduckgo/content-scope-scripts/integration-test/test-pages/'));
 
 const blockingRoutes = require('./privacy-protections/request-blocking/server/routes');