From 913b7655688bbddd7d233d8d5e698f646268e2a1 Mon Sep 17 00:00:00 2001
From: Thomas Espach
Date: Wed, 20 Dec 2023 09:25:29 +0000
Subject: [PATCH 1/2] Change from PDF download to DMG download with 302 redirect.

This specific test case was not implemented correctly, instead we need a 302 redirect with a different binary format since PDFs render inside the browser instead of forcing downloads.
---
 security/address-bar-spoofing/spoof-js-download-url.html | 4 ++--
 server.js | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/security/address-bar-spoofing/spoof-js-download-url.html b/security/address-bar-spoofing/spoof-js-download-url.html
index af12852..fda82cb 100644
--- a/security/address-bar-spoofing/spoof-js-download-url.html
+++ b/security/address-bar-spoofing/spoof-js-download-url.html
@@ -10,8 +10,8 @@ function run() {
 const w = open()
 w.opener = null
- w.document.write('

Not Third Party Site.

')
- w.location = 'https://bad.third-party.site/features/download/file/pdf'
+ w.document.write('

Not DDG.

')
+ w.location = '/security/address-bar-spoofing/download-redirect'
 }

diff --git a/server.js b/server.js
index b081daa..7609b87 100644
--- a/server.js
+++ b/server.js
@@ -255,6 +255,12 @@ app.get('/redirect', (req, res) => {
 res.end();
 });
+// Returns a 301 redirect to a download link of our browser
+// for use in the address bar spoofing test
+app.get('/security/address-bar-spoofing/download-redirect', (req, res) => {
+ res.redirect(301, "https://staticcdn.duckduckgo.com/macos-desktop-browser/duckduckgo.dmg");
+});
+
 app.use('/content-scope-scripts/', express.static('node_modules/@duckduckgo/content-scope-scripts/integration-test/test-pages/'));
 const blockingRoutes = require('./privacy-protections/request-blocking/server/routes');

From 3840b41c6910174c626558fc4a0772f5cd97396c Mon Sep 17 00:00:00 2001
From: Thomas Espach
Date: Wed, 20 Dec 2023 09:30:43 +0000
Subject: [PATCH 2/2] Single quotify.

---
 server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server.js b/server.js
index 7609b87..7ba834e 100644
--- a/server.js
+++ b/server.js
@@ -258,7 +258,7 @@ app.get('/redirect', (req, res) => {
 // Returns a 301 redirect to a download link of our browser
 // for use in the address bar spoofing test
 app.get('/security/address-bar-spoofing/download-redirect', (req, res) => {
- res.redirect(301, "https://staticcdn.duckduckgo.com/macos-desktop-browser/duckduckgo.dmg");
+ res.redirect(301, 'https://staticcdn.duckduckgo.com/macos-desktop-browser/duckduckgo.dmg');
 });
 app.use('/content-scope-scripts/', express.static('node_modules/@duckduckgo/content-scope-scripts/integration-test/test-pages/'));
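Review bot: The new `app.get('/security/address-bar-spoofing/download-redirect', …)` handler answers with status 301, while the commit title and description both say a 302 redirect is what this test needs. A 301 is a permanent redirect that browsers are allowed to cache, so on a repeat run the browser can jump straight to the CDN URL without ever requesting this route, making the spoofing test's observed navigation depend on cache state rather than on the server. Use a temporary redirect instead, `res.redirect(302, 'https://staticcdn.duckduckgo.com/macos-desktop-browser/duckduckgo.dmg');` (Express's default when no status is given), and update the comment to `// Returns a 302 (temporary, not cached) redirect to a download link of our browser`. The second patch's hunk carries the same 301 through unchanged, so the fix applies there too.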