2020-01-08 01:08:13 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe 'Sourcegraph Content Security Policy' do
|
|
|
|
let_it_be(:user) { create(:user) }
|
|
|
|
let_it_be(:project) { create(:project, :repository, namespace: user.namespace) }
|
|
|
|
|
2020-02-22 19:09:14 -05:00
|
|
|
shared_context 'disable feature' do
|
2020-01-08 01:08:13 -05:00
|
|
|
before do
|
2020-02-22 19:09:14 -05:00
|
|
|
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(false)
|
2020-01-08 01:08:13 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-03-12 17:09:45 -04:00
|
|
|
it_behaves_like 'setting CSP', 'connect-src' do
|
2020-02-22 19:09:14 -05:00
|
|
|
let_it_be(:whitelisted_url) { 'https://sourcegraph.test' }
|
|
|
|
let_it_be(:extended_controller_class) { Projects::BlobController }
|
2020-01-08 01:08:13 -05:00
|
|
|
|
2020-02-22 19:09:14 -05:00
|
|
|
subject do
|
|
|
|
visit project_blob_path(project, File.join('master', 'README.md'))
|
2020-01-08 01:08:13 -05:00
|
|
|
|
2020-02-22 19:09:14 -05:00
|
|
|
response_headers['Content-Security-Policy']
|
2020-01-08 01:08:13 -05:00
|
|
|
end
|
|
|
|
|
2020-02-22 19:09:14 -05:00
|
|
|
before do
|
|
|
|
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(whitelisted_url)
|
|
|
|
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(true)
|
2020-01-08 01:08:13 -05:00
|
|
|
|
2020-02-22 19:09:14 -05:00
|
|
|
sign_in(user)
|
2020-01-08 01:08:13 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|