Add latest changes from gitlab-org/gitlab@14-7-stable-eev14.7.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-01-20 12:16:11 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-01-20 12:16:11 +0300
commit: edaa33dee2ff2f7ea3fac488d41558eb5f86d68c (patch)
tree: 11f143effbfeba52329fb7afbd05e6e2a3790241 /spec/lib/gitlab/content_security_policy
parent: d8a5691316400a0f7ec4f83832698f1988eb27c1 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
index 56e3fc269e6..08d29f7842c 100644
--- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
+++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
@@ -85,7 +85,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
         expect(directives['style_src']).to eq("'self' 'unsafe-inline' https://cdn.example.com")
         expect(directives['font_src']).to eq("'self' https://cdn.example.com")
         expect(directives['worker_src']).to eq('http://localhost/assets/ blob: data: https://cdn.example.com')
-        expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " https://cdn.example.com http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
+        expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " https://cdn.example.com http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html http://localhost/-/sandbox/mermaid")
       end
     end
 
@@ -113,7 +113,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
         end
 
         it 'does not add CUSTOMER_PORTAL_URL to CSP' do
-          expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
+          expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html http://localhost/-/sandbox/mermaid")
         end
       end
 
@@ -123,7 +123,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
         end
 
         it 'adds CUSTOMER_PORTAL_URL to CSP' do
-          expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/rails/letter_opener/ https://customers.example.com http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
+          expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/rails/letter_opener/ https://customers.example.com http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html http://localhost/-/sandbox/mermaid")
         end
       end
     end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-01-20 12:16:11 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-01-20 12:16:11 +0300
commit	edaa33dee2ff2f7ea3fac488d41558eb5f86d68c (patch)
tree	11f143effbfeba52329fb7afbd05e6e2a3790241 /spec/lib/gitlab/content_security_policy
parent	d8a5691316400a0f7ec4f83832698f1988eb27c1 (diff)