Fix cross-origin errors when attempting to download JavaScript attachments

If you upload a file with a .js extension, Rails' cross-origin JavaScript protection will prevent a user from downloading the file with a 422 error. Setting the content-type to `text/plain` will allow the user to download the file as a plaintext file. Closes #45826
author: Stan Hu <stanhu@gmail.com> 2018-05-14 07:43:48 +0300
committer: Stan Hu <stanhu@gmail.com> 2018-05-14 07:49:51 +0300
commit: 0c43170630b5b4e90e8f91526066435a06e077eb (patch)
tree: 856916a4bfd52a3fba1ca3bddf6c9c4a21091bdc /spec/controllers
parent: 40683268b2b5ad807194387d8345a30195e178c4 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/controllers/concerns/send_file_upload_spec.rb b/spec/controllers/concerns/send_file_upload_spec.rb
index f4c99ea4064..58bb91a0c80 100644
--- a/spec/controllers/concerns/send_file_upload_spec.rb
+++ b/spec/controllers/concerns/send_file_upload_spec.rb
@@ -51,6 +51,21 @@ describe SendFileUpload do
       end
     end
 
+    context 'with attachment' do
+      subject { controller.send_upload(uploader, attachment: 'test.js') }
+
+      it 'sends a file with content-type of text/plain' do
+        expected_params = {
+          content_type: 'text/plain',
+          filename: 'test.js',
+          disposition: 'attachment'
+        }
+        expect(controller).to receive(:send_file).with(uploader.path, expected_params)
+
+        subject
+      end
+    end
+
     context 'when remote file is used' do
       before do
         stub_uploads_object_storage(uploader: uploader_class)
author	Stan Hu <stanhu@gmail.com>	2018-05-14 07:43:48 +0300
committer	Stan Hu <stanhu@gmail.com>	2018-05-14 07:49:51 +0300
commit	0c43170630b5b4e90e8f91526066435a06e077eb (patch)
tree	856916a4bfd52a3fba1ca3bddf6c9c4a21091bdc /spec/controllers
parent	40683268b2b5ad807194387d8345a30195e178c4 (diff)