update docs

ns3777k · tommysitu · commit da88c33120fc · 2021-02-01T21:43:28.000Z
diff --git a/core/cmd/hoverfly/main.go b/core/cmd/hoverfly/main.go
@@ -200,7 +200,7 @@ func main() {
 	flag.Var(&destinationFlags, "dest", "Specify which hosts to process (i.e. '-dest fooservice.org -dest barservice.org -dest catservice.org') - other hosts will be ignored will passthrough'")
 	flag.Var(&logOutputFlags, "logs-output", "Specify locations for output logs, options are \"console\" and \"file\" (default \"console\")")
 	flag.StringVar(&responseBodyFilesPath, "response-body-files-path", "", "When a response contains a relative bodyFile, it will be resolved against this path (default is CWD)")
-	flag.Var(&responseBodyFilesAllowedOriginFlags, "response-body-files-allowed-origin", "When a response contains a url in bodyFile, it will be loaded only if the origin is allowed")
+	flag.Var(&responseBodyFilesAllowedOriginFlags, "response-body-files-allow-origin", "When a response contains a url in bodyFile, it will be loaded only if the origin is allowed")
 
 	flag.Parse()
 
diff --git a/core/hoverfly_funcs.go b/core/hoverfly_funcs.go
@@ -161,7 +161,7 @@ func (hf *Hoverfly) readResponseBodyURL(fileURL string) (string, error) {
 	}
 
 	if !isAllowed {
-		return "", fmt.Errorf("bodyFile %s is not allowed. To allow this origin run hoverfly with -response-body-files-allowed-origin", fileURL)
+		return "", fmt.Errorf("bodyFile %s is not allowed. To allow this origin run hoverfly with -response-body-files-allow-origin", fileURL)
 	}
 
 	resp, err := http.DefaultClient.Get(fileURL)
diff --git a/docs/pages/keyconcepts/simulations/pairs.rst b/docs/pages/keyconcepts/simulations/pairs.rst
@@ -173,4 +173,10 @@ response bodies from external urls:
     "bodyFile": "https://raw.githubusercontent.com/SpectoLabs/hoverfly/master/schema.json"
   }
 
-Like local files, this feature is supported only on simulation import.
+Like local files, this feature is supported only on simulation import. To escape security issues there's another
+mandatory option to specify :code:`-response-body-files-allow-origin` that lets you explicitly set the collections of
+urls to allow body files to be downloaded from. For the above to work you need to run hoverfly like this:
+
+.. code:: bash
+
+    hoverfly -response-body-files-allow-origin="https://raw.githubusercontent.com/"
diff --git a/docs/pages/reference/hoverfly/hoverfly.output b/docs/pages/reference/hoverfly/hoverfly.output
@@ -83,6 +83,8 @@ Usage of hoverfly:
         Proxy port - run proxy on another port (i.e. '-pp 9999' to run proxy on port 9999)
   -proxy-auth Proxy-Authorization
         Switch the Proxy-Authorization header from proxy-auth Proxy-Authorization to header-auth `X-HOVERFLY-AUTHORIZATION`. Switching to header-auth will auto enable -https-only (default "proxy-auth")
+  -response-body-files-allow-origin value
+        When a response contains a url in bodyFile, it will be loaded only if the origin is allowed
   -response-body-files-path string
         When a response contains a relative bodyFile, it will be resolved against this path (default is CWD)
   -spy

Original file line number	Diff line number	Diff line change
`@@ -161,7 +161,7 @@ func (hf *Hoverfly) readResponseBodyURL(fileURL string) (string, error) {`
`161`	`161`	`}`
`162`	`162`
`163`	`163`	`if !isAllowed {`
`164`		`- return "", fmt.Errorf("bodyFile %s is not allowed. To allow this origin run hoverfly with -response-body-files-allowed-origin", fileURL)`
	`164`	`+ return "", fmt.Errorf("bodyFile %s is not allowed. To allow this origin run hoverfly with -response-body-files-allow-origin", fileURL)`
`165`	`165`	`}`
`166`	`166`
`167`	`167`	`resp, err := http.DefaultClient.Get(fileURL)`