2020-04-08 14:13:33 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
RSpec.describe 'IDE Clientside Preview CSP' do
|
2020-04-08 14:13:33 +05:30
|
|
|
let_it_be(:user) { create(:user) }
|
|
|
|
|
|
|
|
shared_context 'disable feature' do
|
|
|
|
before do
|
|
|
|
allow_next_instance_of(ApplicationSetting) do |instance|
|
|
|
|
allow(instance).to receive(:web_ide_clientside_preview_enabled?).and_return(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'setting CSP', 'frame-src' do
|
|
|
|
let(:whitelisted_url) { 'https://sandbox.gitlab-static.test' }
|
|
|
|
let(:extended_controller_class) { IdeController }
|
|
|
|
|
|
|
|
subject do
|
|
|
|
visit ide_path
|
|
|
|
|
|
|
|
response_headers['Content-Security-Policy']
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
allow_next_instance_of(ApplicationSetting) do |instance|
|
|
|
|
allow(instance).to receive(:web_ide_clientside_preview_enabled?).and_return(true)
|
|
|
|
allow(instance).to receive(:web_ide_clientside_preview_bundler_url).and_return(whitelisted_url)
|
|
|
|
end
|
|
|
|
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|