Merge branch 'fj-force-content-disposition' into 'master'

Set content disposition attachment to several endpoints

See merge request gitlab-org/gitlab-ce!23223
This commit is contained in:
Nick Thomas 2018-11-23 16:44:09 +00:00
commit 2340e094fe
8 changed files with 36 additions and 1 deletions

View file

@ -40,7 +40,8 @@ class Profiles::KeysController < Profiles::ApplicationController
begin
user = UserFinder.new(params[:username]).find_by_username
if user.present?
render text: user.all_ssh_keys.join("\n"), content_type: "text/plain"
headers['Content-Disposition'] = 'attachment'
render text: user.all_ssh_keys.join("\n"), content_type: 'text/plain'
else
return render_404
end

View file

@ -0,0 +1,5 @@
---
title: Force content disposition attachment to several endpoints
merge_request: 23223
author:
type: other

View file

@ -494,6 +494,7 @@ module API
def send_git_blob(repository, blob)
env['api.format'] = :txt
content_type 'text/plain'
header['Content-Disposition'] = "attachment; filename=#{blob.name.inspect}"
header(*Gitlab::Workhorse.send_git_blob(repository, blob))
end

View file

@ -146,6 +146,7 @@ module API
env['api.format'] = :txt
content_type 'text/plain'
header['Content-Disposition'] = 'attachment'
present snippet.content
end
# rubocop: enable CodeReuse/ActiveRecord

View file

@ -62,8 +62,15 @@ describe Profiles::KeysController do
it "responds with text/plain content type" do
get :get_keys, username: user.username
expect(response.content_type).to eq("text/plain")
end
it "responds with attachment content disposition" do
get :get_keys, username: user.username
expect(response.headers['Content-Disposition']).to eq('attachment')
end
end
end
end

View file

@ -178,6 +178,14 @@ describe API::Files do
expect(response).to have_gitlab_http_status(200)
end
it 'forces attachment content disposition' do
url = route(file_path) + "/raw"
get api(url, current_user), params
expect(headers['Content-Disposition']).to match(/^attachment/)
end
context 'when mandatory params are not given' do
it_behaves_like '400 response' do
let(:request) { get api(route("any%2Ffile"), current_user) }

View file

@ -168,6 +168,12 @@ describe API::Repositories do
expect(response).to have_gitlab_http_status(200)
end
it 'forces attachment content disposition' do
get api(route, current_user)
expect(headers['Content-Disposition']).to match(/^attachment/)
end
context 'when sha does not exist' do
it_behaves_like '404 response' do
let(:request) { get api(route.sub(sample_blob.oid, '123456'), current_user) }

View file

@ -94,6 +94,12 @@ describe API::Snippets do
expect(response.body).to eq(snippet.content)
end
it 'forces attachment content disposition' do
get api("/snippets/#{snippet.id}/raw", user)
expect(headers['Content-Disposition']).to match(/^attachment/)
end
it 'returns 404 for invalid snippet id' do
get api("/snippets/1234/raw", user)