diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-28 00:09:45 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-28 00:09:45 +0300 |
| commit | 370edfec486da54278725de2853913c3d5456145 (patch) | |
| tree | 857f4730ca6b5f55212bcde956e9e77fb4ee15a6 /spec/controllers | |
| parent | 7424d727b85dc0ac19544020a092f462a894a7df (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/controllers')
| -rw-r--r-- | spec/controllers/concerns/kas_cookie_spec.rb | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/spec/controllers/concerns/kas_cookie_spec.rb b/spec/controllers/concerns/kas_cookie_spec.rb index d80df106cfd..7ab48f12d83 100644 --- a/spec/controllers/concerns/kas_cookie_spec.rb +++ b/spec/controllers/concerns/kas_cookie_spec.rb @@ -56,6 +56,17 @@ RSpec.describe KasCookie, feature_category: :deployment_management do describe '#content_security_policy' do let_it_be(:user) { create(:user) } + let(:gitlab_config) do + Gitlab.config.gitlab.deep_merge( + { + 'host' => 'gitlab.example.com', + 'content_security_policy' => { 'enabled' => content_security_policy_enabled } + } + ) + end + + let(:content_security_policy_enabled) { true } + controller(ApplicationController) do include KasCookie @@ -65,7 +76,7 @@ RSpec.describe KasCookie, feature_category: :deployment_management do end before do - stub_config_setting(host: 'gitlab.example.com') + stub_config_setting(gitlab_config) sign_in(user) allow(::Gitlab::Kas).to receive(:enabled?).and_return(true) allow(::Gitlab::Kas).to receive(:tunnel_url).and_return(kas_tunnel_url) @@ -108,6 +119,14 @@ RSpec.describe KasCookie, feature_category: :deployment_management do it 'adds KAS url to CSP connect-src directive' do expect(kas_csp_connect_src).to include(::Gitlab::Kas.tunnel_url) end + + context 'when content_security_policy is disabled' do + let(:content_security_policy_enabled) { false } + + it 'does not add KAS url to CSP connect-src directive' do + expect(kas_csp_connect_src).not_to include(::Gitlab::Kas.tunnel_url) + end + end end context 'when KAS tunnel url is configured without trailing slash' do @@ -116,6 +135,14 @@ RSpec.describe KasCookie, feature_category: :deployment_management do it 'adds KAS url to CSP connect-src directive with trailing slash' do expect(kas_csp_connect_src).to include("#{::Gitlab::Kas.tunnel_url}/") end + + context 'when content_security_policy is disabled' do + let(:content_security_policy_enabled) { false } + + it 'does not add KAS url to CSP connect-src directive' do + expect(kas_csp_connect_src).not_to include("#{::Gitlab::Kas.tunnel_url}/") + end + end end end end |