HTTP POST tests

[karlcow]

This is good.http POST http://localhost:5000/issues

HTTP/1.0 405 METHOD NOT ALLOWED
Allow: HEAD, GET, OPTIONS
Content-Length: 178
Content-Type: text/html
Date: Tue, 03 May 2016 04:41:55 GMT
Server: Werkzeug/0.10.4 Python/2.7.10

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>405 Method Not Allowed</title>
<h1>Method Not Allowed</h1>
<p>The method is not allowed for the requested URL.</p>

But this is "not good". (I know it is a leftover of the preview design)

http POST http://localhost:5000/

HTTP/1.0 200 OK
Content-Length: 21155
Content-Type: text/html; charset=utf-8
Date: Tue, 03 May 2016 04:43:06 GMT
Server: Werkzeug/0.10.4 Python/2.7.10
Set-Cookie: session=eyJjc3JmX3Rva2VuIjp7IiBiIjoiWXprMlpUTXdOemRqTlRZME5XRTNOemMwTURNMVlUTXpZVFZqTVRrNFptTTVNalkwTURsak5BPT0ifX0.Cgm92g.LNDGffBQG-ZCkaEcA0gnzhdPZ9M; HttpOnly; Path=/

When the POST is successful the user get a 302 with redirection to a thanks page.

This could be fixed at the same time than #646
with:

• returns 405 for any URI which are not about issues reporting so everything but /issues/new
• returns 201 Created to the successful POST with Location: being the issue page.

[miketaylr]

Ah yes, good find @karlcow.

[miketaylr]

@karlcow can you check if this is still an issue?

[karlcow]

This is still an issue.

→ http --print h POST http://localhost:5000/

HTTP/1.0 200 OK
Content-Length: 23790
Content-Security-Policy-Report-Only: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Content-Type: text/html; charset=utf-8
Date: Thu, 11 May 2017 00:58:06 GMT
Server: Werkzeug/0.10.4 Python/2.7.10
Set-Cookie: session=eyJjc3JmX3Rva2VuIjp7IiBiIjoiTVRGbU1HSmhZVEEwTm1ObE1UTXpaR0prT0dFeU9XRTFOamt4TjJSaVptTmtabUkwWldOa05BPT0ifX0.C_VIng.tj2DbBkUa2qu8CBiJ9sr6vDuzvw; HttpOnly; Path=/
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

but it is easy to solve because the issue is touching only dead code.

[karlcow]

→ nosetests
...............................................
----------------------------------------------------------------------
Ran 47 tests in 5.264s

OK

and we do not have functional tests creating issues from the home page.

→ git rg 'url("/"' tests/functional
tests/functional/history-navigation-non-auth.js
24:          FunctionalHelpers.openPage(this, url("/"), ".js-issues-link")

tests/functional/index-non-auth.js
23:        return FunctionalHelpers.openPage(this, url("/"), ".js-Hero-title")
46:        return FunctionalHelpers.openPage(this, url("/"), ".js-Hero-title")
57:          FunctionalHelpers.openPage(this, url("/"), ".js-Hero-title")
77:        return FunctionalHelpers.openPage(this, url("/"), ".js-Hero-title")

tests/functional/search-auth.js
148:        return FunctionalHelpers.openPage(this, url("/"), ".js-SearchBarOpen")
149:          .get(require.toUrl(url("/")))

[miketaylr]

and we do not have functional tests creating issues from the home page.

Yeah, we don't test creating issues in general because I'm afraid GitHub will mark us as spammers. We need to be able to mock the API first, I think.