author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 13:00:54 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 13:00:54 +0300 |
commit | 3cccd102ba543e02725d247893729e5c73b38295 (patch) | |
tree | f36a04ec38517f5deaaacb5acc7d949688d1e187 /workhorse/internal/senddata/contentprocessor/contentprocessor_test.go | |
parent | 205943281328046ef7b4528031b90fbda70c75ac (diff) |
Add latest changes from gitlab-org/gitlab@14-10-stable-eev14.10.0-rc42
Diffstat (limited to 'workhorse/internal/senddata/contentprocessor/contentprocessor_test.go')
-rw-r--r-- | workhorse/internal/senddata/contentprocessor/contentprocessor_test.go | 52 |
1 files changed, 37 insertions, 15 deletions
diff --git a/workhorse/internal/senddata/contentprocessor/contentprocessor_test.go b/workhorse/internal/senddata/contentprocessor/contentprocessor_test.go
index 2396bb0f952..b009cda1a24 100644
--- a/workhorse/internal/senddata/contentprocessor/contentprocessor_test.go
+++ b/workhorse/internal/senddata/contentprocessor/contentprocessor_test.go
@@ -56,12 +56,18 @@ func TestSetProperContentTypeAndDisposition(t *testing.T) {
 body: "<html><body>Hello world!</body></html>",
 },
 {
- desc: "Javascript type",
+ desc: "Javascript within HTML type",
 contentType: "text/plain; charset=utf-8",
 contentDisposition: "inline",
 body: "<script>alert(\"foo\")</script>",
 },
 {
+ desc: "Javascript type",
+ contentType: "text/plain; charset=utf-8",
+ contentDisposition: "inline",
+ body: "alert(\"foo\")",
+ },
+ {
 desc: "Image type",
 contentType: "image/png",
 contentDisposition: "inline",
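Review bot: The new "Javascript type" entry has no comment explaining why a bare script body is expected to come back as `text/plain` with `inline`, and it carries the same expectation as the renamed "Javascript within HTML type" entry, so a reader cannot tell which behaviour each case pins. A one-line comment above the new entry, such as `// bare JS (no HTML wrapper) must still be served as text/plain, never as a script type`, would record the intent. The table belongs to TestSetProperContentTypeAndDisposition, whose start and assertions are outside the hunk, so how these fields are checked is not visible here.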
@@ -170,25 +176,41 @@ func TestSetProperContentTypeAndDisposition(t *testing.T) {
 }
 func TestFailOverrideContentType(t *testing.T) {
- testCase := struct {
- contentType string
- body string
+ testCases := []struct {
+ desc string
+ overrideFromUpstream string
+ responseContentType string
+ body string
 }{
- contentType: "text/plain; charset=utf-8",
- body: "<html><body>Hello world!</body></html>",
+ {
+ desc: "Force text/html into text/plain",
+ responseContentType: "text/plain; charset=utf-8",
+ overrideFromUpstream: "text/html; charset=utf-8",
+ body: "<html><body>Hello world!</body></html>",
+ },
+ {
+ desc: "Force application/javascript into text/plain",
+ responseContentType: "text/plain; charset=utf-8",
+ overrideFromUpstream: "application/javascript; charset=utf-8",
+ body: "alert(1);",
+ },
 }
- h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
- // We are pretending to be upstream or an inner layer of the ResponseWriter chain
- w.Header().Set(headers.GitlabWorkhorseDetectContentTypeHeader, "true")
- w.Header().Set(headers.ContentTypeHeader, "text/html; charset=utf-8")
- _, err := io.WriteString(w, testCase.body)
- require.NoError(t, err)
- })
+ for _, tc := range testCases {
+ t.Run(tc.desc, func(t *testing.T) {
+ h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+ // We are pretending to be upstream or an inner layer of the ResponseWriter chain
+ w.Header().Set(headers.GitlabWorkhorseDetectContentTypeHeader, "true")
+ w.Header().Set(headers.ContentTypeHeader, tc.overrideFromUpstream)
+ _, err := io.WriteString(w, tc.body)
+ require.NoError(t, err)
+ })
- resp := makeRequest(t, h, testCase.body, "")
+ resp := makeRequest(t, h, tc.body, "")
- require.Equal(t, testCase.contentType, resp.Header.Get(headers.ContentTypeHeader))
+ require.Equal(t, tc.responseContentType, resp.Header.Get(headers.ContentTypeHeader))
+ })
+ }
 }
 func TestSuccessOverrideContentDispositionFromInlineToAttachment(t *testing.T) { |
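Review bot: Both cases in TestFailOverrideContentType assert only the final `Content-Type`, and both upstream values are lower-case with a `charset` parameter, so a regression that refuses the upstream override only for those exact spellings would still pass. A third entry reusing the HTML body with `overrideFromUpstream: "TEXT/HTML"` and `responseContentType: "text/plain; charset=utf-8"` would cover that, assuming the response type is derived from the body alone as the existing cases suggest. Separately, `require.NoError(t, err)` runs inside the handler closure; makeRequest is defined outside the hunk, and if it serves the handler on another goroutine that call should be `t.Error(err)` instead, since `require` stops the test via FailNow and that is only valid on the test goroutine.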