diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-20 17:22:11 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-20 17:22:11 +0300 |
commit | 0c872e02b2c822e3397515ec324051ff540f0cd5 (patch) | |
tree | ce2fb6ce7030e4dad0f4118d21ab6453e5938cdd /spec/requests/ide_controller_spec.rb | |
parent | f7e05a6853b12f02911494c4b3fe53d9540d74fc (diff) |
Add latest changes from gitlab-org/gitlab@15-7-stable-eev15.7.0-rc42
Diffstat (limited to 'spec/requests/ide_controller_spec.rb')
-rw-r--r-- | spec/requests/ide_controller_spec.rb | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/spec/requests/ide_controller_spec.rb b/spec/requests/ide_controller_spec.rb index 8d61399c824..b287ded799d 100644 --- a/spec/requests/ide_controller_spec.rb +++ b/spec/requests/ide_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe IdeController do +RSpec.describe IdeController, feature_category: :web_ide do using RSpec::Parameterized::TableSyntax let_it_be(:reporter) { create(:user) } @@ -21,7 +21,20 @@ RSpec.describe IdeController do let(:user) { creator } let(:branch) { '' } + def find_csp_frame_src + csp = response.headers['Content-Security-Policy'] + + # Transform "frame-src foo bar; connect-src foo bar; script-src ..." + # into array of connect-src values + csp.split(';') + .map(&:strip) + .find { |entry| entry.starts_with?('frame-src') } + .split(' ') + .drop(1) + end + before do + stub_feature_flags(vscode_web_ide: true) sign_in(user) end @@ -265,5 +278,17 @@ RSpec.describe IdeController do end end end + + describe 'frame-src content security policy' do + let(:route) { '/-/ide' } + + before do + subject + end + + it 'adds https://*.vscode-cdn.net in frame-src CSP policy' do + expect(find_csp_frame_src).to include("https://*.vscode-cdn.net/") + end + end end end |