From 96f93336fc1f389ee5bd065e13d2d2abbcc8f761 Mon Sep 17 00:00:00 2001
From: cesine
Date: Fri, 26 Dec 2025 10:06:45 -0500
Subject: [PATCH 1/2] support couchapp attachments while testing locally
---
 etc/local.ini | 6 ++++++
 test/integration/install.js | 23 ++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/etc/local.ini b/etc/local.ini
index 961b231..10327c6 100644
--- a/etc/local.ini
+++ b/etc/local.ini
@@ -5,6 +5,12 @@ enable_cors = true
 origins = *
 credentials = true

+[csp]
+attachments_enable = true
+; https://docs.couchdb.org/en/stable/cve/2021-38295.html
+; use nginx instead to allow only signed couchapps when on deployed server
+attachments_header_value = "child-src 'self' data: blob:; default-src 'self'; img-src 'self' data: https://secure.gravatar.com; font-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
+
 [couchdb]
 single_node=true

diff --git a/test/integration/install.js b/test/integration/install.js
index bc500c4..564fe0e 100644
--- a/test/integration/install.js
+++ b/test/integration/install.js
@@ -18,6 +18,8 @@ debug('replay localhosts', replay._localhosts);
 \"TLS server: In state wait_finished received CLIENT ALERT: Fatal - Certificate Unknown\\n\"}}}"
 */
 let destination = 'http://admin:none@localhost:5984';
+const couchUrl = destination.replace('admin:none@', '');
+
 if (!destination) {
 destination = url.parse(config.usersDbConnection.url);
 destination.auth = `${config.couchKeys.username}:${config.couchKeys.password}`;
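Review bot: The `attachments_header_value` added in the `[csp]` block of `etc/local.ini` replaces CouchDB's default attachment policy (`sandbox`, as far as I know, introduced with the fix for the CVE linked in the comment) with one that allows `script-src 'self' 'unsafe-eval'`, so HTML attachments served by this instance can run same-origin script again. The `origins = *` and `credentials = true` context lines just above make the instance more permissive still. The comment should state the scope outright, e.g. `; LOCAL TESTING ONLY: replaces the default "sandbox" attachment policy, do not deploy this file`, and `'unsafe-eval'` is worth dropping if the couchapp loads without it. It is also worth confirming that CouchDB's ini parser does not pass the surrounding double quotes through literally into the header value.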
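Review bot: In the `test/integration/install.js` hunk at `@@ -18,6 +18,8 @@`, `couchUrl` is produced by deleting the literal `'admin:none@'` from `destination`, so if those credentials ever change the replace is a silent no-op and the requests meant to be anonymous go out as admin, letting the public-access assertions pass for the wrong reason. Deriving it structurally avoids that: `const couchUrl = new URL(destination).origin;`. It is also computed before the `if (!destination)` fallback, so it would never reflect a URL built from `config`; that `if` block continues outside the hunk.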
@@ -525,6 +527,18 @@ describe('install', () => {
 expect(res.body.ok).to.equal(true);

 return supertest(destination)
+ .put(`/${dbnameToReplicate}/_security`)
+ .set('cookie', adminSessionCookie)
+ .set('Accept', 'application/json')
+ .send({
+ "members":{"roles":[]},
+ "admins":{"roles":["_admin"]}
+ })
+ })
+ .then((res) => {
+ expect(res.body.ok).to.equal(true);
+
+ return supertest(couchUrl)
 .get(`/${dbnameToReplicate}/_design/prototype`)
 .set('Accept', 'application/json');
 })
@@ -532,12 +546,19 @@ describe('install', () => {
 debug('res.body prototype after ', res.body);
 expect(res.body.couchapp && res.body.couchapp.name).to.contain('Prototype (has the most features of the apps)', JSON.stringify(res.body));

- return supertest(destination)
+ return supertest(couchUrl)
 .get(`/${dbnameToReplicate}/_design/prototype/user.html`);
 })
 .then((res) => {
 debug('res.body prototype after ', res.body);
 expect(res.status).to.equal(200);
+
+ return supertest(couchUrl)
+ .get(`/${dbnameToReplicate}/_design/prototype/app/app.css`);
+ })
+ .then((res) => {
+ debug('attachments prototype after ', res.body);
+ expect(res.status).to.equal(200);
 });
 });
 });
From 5cbd409a22399641b1ec51d1df236f5362f0a7df Mon Sep 17 00:00:00 2001
From: cesine
Date: Fri, 26 Dec 2025 10:09:11 -0500
Subject: [PATCH 2/2] fix lint
---
 test/integration/install.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration/install.js b/test/integration/install.js
index 564fe0e..202a830 100644
--- a/test/integration/install.js
+++ b/test/integration/install.js
@@ -533,7 +533,7 @@ describe('install', () => {
 .send({
 "members":{"roles":[]},
 "admins":{"roles":["_admin"]}
- })
+ });
 })
 .then((res) => {
 expect(res.body.ok).to.equal(true);
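Review bot: The `_security` body sent in the `@@ -525,6 +527,18 @@` hunk leaves `members` empty, which in CouchDB makes the database public: unauthenticated clients can read it and, unless a `validate_doc_update` function rejects them, write non-design documents as well. That is presumably intended so the couchapp can be fetched through `couchUrl` without a session, but nothing in the hunk says so, and together with the relaxed attachment CSP in `etc/local.ini` it is the setup the advisory linked there is about. A comment above the `.put`, such as `// test only: open read access so the couchapp loads without a session`, would record the intent, and the following `.then` could assert `res.status` alongside `res.body.ok`. The enclosing `it` callback starts outside the hunk.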
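Review bot: The attachment request added in the `@@ -532,12 +546,19 @@` hunk asserts only `res.status` 200, which says nothing about the `[csp]` header this commit configures, so a missing or malformed policy would go unnoticed. Assuming the test instance is started with `etc/local.ini`, adding `expect(res.headers['content-security-policy']).to.contain("default-src 'self'");` after the status check would cover it, and the same check fits the `user.html` response. The `debug` label `'res.body prototype after '` is also reused for two different responses in this chain, which makes the log output harder to attribute.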