debian-mirror-gitlab/spec/features/projects/sourcegraph_csp_spec.rb

34 lines
1,016 B
Ruby
Raw Normal View History

2020-03-13 15:44:24 +05:30
# frozen_string_literal: true
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe 'Sourcegraph Content Security Policy' do
2020-03-13 15:44:24 +05:30
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :repository, namespace: user.namespace) }
2020-04-08 14:13:33 +05:30
shared_context 'disable feature' do
2020-03-13 15:44:24 +05:30
before do
2020-04-08 14:13:33 +05:30
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(false)
2020-03-13 15:44:24 +05:30
end
end
2020-04-08 14:13:33 +05:30
it_behaves_like 'setting CSP', 'connect-src' do
2022-01-26 12:08:38 +05:30
let_it_be(:sourcegraph_url) { 'https://sourcegraph.test' }
let_it_be(:allowlisted_url) { "#{sourcegraph_url}/.api/" }
2020-04-08 14:13:33 +05:30
let_it_be(:extended_controller_class) { Projects::BlobController }
2020-03-13 15:44:24 +05:30
2020-04-08 14:13:33 +05:30
subject do
visit project_blob_path(project, File.join('master', 'README.md'))
2020-03-13 15:44:24 +05:30
2020-04-08 14:13:33 +05:30
response_headers['Content-Security-Policy']
2020-03-13 15:44:24 +05:30
end
2020-04-08 14:13:33 +05:30
before do
2022-01-26 12:08:38 +05:30
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(sourcegraph_url)
2020-04-08 14:13:33 +05:30
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(true)
2020-03-13 15:44:24 +05:30
2020-04-08 14:13:33 +05:30
sign_in(user)
2020-03-13 15:44:24 +05:30
end
end
end