Mercurial > hg
view tests/test-hgweb-csp.t @ 39270:37e56607cbb9
lfs: add a progress bar when searching for blobs to upload
The search itself can take an extreme amount of time if there are a lot of
revisions involved. I've got a local repo that took 6 minutes to push 1850
commits, and 60% of that time was spent here (there are ~70K files):
\ 58.1% wrapper.py: extractpointers line 297: pointers = extractpointers(...
| 57.7% wrapper.py: pointersfromctx line 352: for p in pointersfromctx(ct...
| 57.4% wrapper.py: pointerfromctx line 397: p = pointerfromctx(ctx, f, ...
\ 38.7% context.py: __contains__ line 368: if f not in ctx:
| 38.7% util.py: __get__ line 82: return key in self._manifest
| 38.7% context.py: _manifest line 1416: result = self.func(obj)
| 38.7% manifest.py: read line 472: return self._manifestctx.re...
\ 25.6% revlog.py: revision line 1562: text = rl.revision(self._node)
\ 12.8% revlog.py: _chunks line 2217: bins = self._chunks(chain, ...
| 12.0% revlog.py: decompressline 2112: ladd(decomp(buffer(data, ch...
\ 7.8% revlog.py: checkhash line 2232: self.checkhash(text, node, ...
| 7.8% revlog.py: hash line 2315: if node != self.hash(text, ...
| 7.8% revlog.py: hash line 2242: return hash(text, p1, p2)
\ 12.0% manifest.py: __init__ line 1565: self._data = manifestdict(t...
\ 16.8% context.py: filenode line 378: if not _islfs(fctx.filelog(...
| 15.7% util.py: __get__ line 706: return self._filelog
| 14.8% context.py: _filelog line 1416: result = self.func(obj)
| 14.8% localrepo.py: file line 629: return self._repo.file(self...
| 14.8% filelog.py: __init__ line 1134: return filelog.filelog(self...
| 14.5% revlog.py: __init__ line 24: censorable=True)
| author | Matt Harbison <matt_harbison@yahoo.com> |
|---|---|
| date | Fri, 24 Aug 2018 17:45:46 -0400 |
| parents | 3e3acf5d6a07 |
| children | 7e5be4a7cda7 |
line wrap: on
line source
#require serve $ cat > web.conf << EOF > [paths] > / = $TESTTMP/* > EOF $ hg init repo1 $ cd repo1 $ touch foo $ hg -q commit -A -m initial $ cd .. $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf $ cat hg.pid >> $DAEMON_PIDS repo index should not send Content-Security-Policy header by default $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag 200 Script output follows static page should not send CSP by default $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag 200 Script output follows repo page should not send CSP by default, should send ETag $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag 200 Script output follows etag: W/"*" (glob) $ killdaemons.py Configure CSP without nonce $ cat >> web.conf << EOF > [web] > csp = script-src https://example.com/ 'unsafe-inline' > EOF $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf $ cat hg.pid > $DAEMON_PIDS repo index should send Content-Security-Policy header when enabled $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag 200 Script output follows content-security-policy: script-src https://example.com/ 'unsafe-inline' static page should send CSP when enabled $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag 200 Script output follows content-security-policy: script-src https://example.com/ 'unsafe-inline' $ get-with-headers.py --twice --headeronly localhost:$HGPORT repo1/static/style.css content-security-policy 200 Script output follows content-security-policy: script-src https://example.com/ 'unsafe-inline' 304 Not Modified content-security-policy: script-src https://example.com/ 'unsafe-inline' repo page should send CSP by default, include etag w/o nonce $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag 200 Script output follows content-security-policy: script-src https://example.com/ 'unsafe-inline' etag: W/"*" (glob) nonce should not be added to html if CSP doesn't use it $ get-with-headers.py localhost:$HGPORT repo1/graph/tip | egrep 'content-security-policy|<script' <script type="text/javascript" src="/repo1/static/mercurial.js"></script> <script type="text/javascript"> <script type="text/javascript"> Configure CSP with nonce $ killdaemons.py $ cat >> web.conf << EOF > csp = image-src 'self'; script-src https://example.com/ 'nonce-%nonce%' > EOF $ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf $ cat hg.pid > $DAEMON_PIDS nonce should be substituted in CSP header $ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag 200 Script output follows content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) nonce should be included in CSP for static pages $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag 200 Script output follows content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) repo page should have nonce, no ETag $ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag 200 Script output follows content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) nonce should be added to html when used $ get-with-headers.py localhost:$HGPORT repo1/graph/tip content-security-policy | egrep 'content-security-policy|<script' content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) <script type="text/javascript" src="/repo1/static/mercurial.js"></script> <script type="text/javascript" nonce="*"> (glob) <script type="text/javascript" nonce="*"> (glob) hgweb_mod w/o hgwebdir works as expected $ killdaemons.py $ hg serve -R repo1 -p $HGPORT -d --pid-file=hg.pid --config "web.csp=image-src 'self'; script-src https://example.com/ 'nonce-%nonce%'" $ cat hg.pid > $DAEMON_PIDS static page sends CSP $ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag 200 Script output follows content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) nonce included in <script> and headers $ get-with-headers.py localhost:$HGPORT graph/tip content-security-policy | egrep 'content-security-policy|<script' content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob) <script type="text/javascript" src="/static/mercurial.js"></script> <script type="text/javascript" nonce="*"> (glob) <script type="text/javascript" nonce="*"> (glob)