Stock Price Checker Testing problems?

pauloconnell · November 22, 2020, 6:24pm

Tell us what’s happening:

I am doing this and one other project to be awarded the ‘legacy Full Stack Certification’ as the new one isn’t available yet.

Several tests are failing but should be passing - my program is running smoothly.

I am thinking there are some problems with the tests?

For example I’m failing the test to ensure I’m only allowing scripts and css from my server, but have helmet installed/required and the following set:

Your code so far

app.use(helmet.contentSecurityPolicy({
directives: { //defaultSrc: ["‘self’"],
scriptSrc: ["‘self’"],
styleSrc:["‘self’"]
}} ));

    https://stock-price-checker-paul.glitch.me

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36.

Challenge: Stock Price Checker

Link to the challenge:

ilenia · November 22, 2020, 6:26pm

can you check if you have the right boilerplate? those have changed recently, you may have started working on it just before the change

can you check that you are submitting the Live App link and that your app is running? those are needed for the tests to check your app

jeremy.a.gray · November 22, 2020, 10:21pm

I would load the project’s index page in a browser and watch the console messages while using the page. I started with a similar content security policy to yours but had to expand it considerably to get things working as I saw many messages about things being blocked by the CSP. If everything works without errors in the browser, you may need to add some logging (requests, responses, etc.) to your server and routes to determine what is happening during the tests.

HelmetJS CSP

    // Helmet middleware.
    app.use(helmet({
      contentSecurityPolicy: {
        directives: {
          defaultSrc: ["'self'"],
          scriptSrc: ["'self'", "localhost", "*.jquery.com", "'unsafe-inline'"],
          scriptSrcElem: ["'self'", "localhost", "*.jquery.com", "'unsafe-inline'"],
          styleSrc: ["'self'", "localhost", "'unsafe-inline'"]
        }}}));

Good luck.

pauloconnell · November 22, 2020, 11:29pm

Hey Guys;
I am using the challenge found in the Information Security Cert. projects link above. I think it may be the wrong one? I want to do the one required for the legacy Full Stack Certification.

I noticed the git repository has 2 branches not merged yet…perhaps this is an issue?

I pulled from the git repository into Glitch so I can use the auto export to Git on Glitch - perhaps these are glitch ‘glitches’? I’ve seen that before

The challenge only asks to handle api queries, but I noticed that the front end fails /page refreshes when trying to submit the query using the form/inputs, so I updated the HTML to stop it’s (submit)=> which uses serialize-I just used the HTML tag to do it:

<form id="testForm" class="border" action="/api/stock-prices"
      method="GET">

and caught the req.body in my server, so it all works now, but that wasn’t part of the challenge-but now it works

Also got errors that there were a bunch of single quotes in the boilerplate HTML which I had to change to double quotes… old version?

ilenia · November 23, 2020, 7:59am

it’s that challenge, yes

all the projects are being updated, to make possible a future update much requested to the whole curriculum

the wrong template was a possibility, as they are being changed during these weeks.