Diffstat (limited to 'spec/lib/gitlab/content_security_policy/config_loader_spec.rb')
-rw-r--r--spec/lib/gitlab/content_security_policy/config_loader_spec.rb53
1 files changed, 48 insertions, 5 deletions
diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
index f298890623f..ffb651fe23c 100644
--- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
+++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
@@ -102,11 +102,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
end
describe 'Zuora directives' do
- context 'when is Gitlab.com?' do
- before do
- allow(::Gitlab).to receive(:com?).and_return(true)
- end
-
+ context 'when on SaaS', :saas do
it 'adds Zuora host to CSP' do
expect(directives['frame_src']).to include('https://*.zuora.com/apps/PublicHostedPageLite.do')
end
@@ -182,6 +178,53 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
end
end
+ context 'when KAS is configured' do
+ before do
+ stub_config_setting(host: 'gitlab.example.com')
+ allow(::Gitlab::Kas).to receive(:enabled?).and_return true
+ end
+
+ context 'when user access feature flag is disabled' do
+ before do
+ stub_feature_flags(kas_user_access: false)
+ end
+
+ it 'does not add KAS url to CSP' do
+ expect(directives['connect_src']).not_to eq("'self' ws://gitlab.example.com #{::Gitlab::Kas.tunnel_url}")
+ end
+ end
+
+ context 'when user access feature flag is enabled' do
+ before do
+ stub_feature_flags(kas_user_access: true)
+ end
+
+ context 'when KAS is on same domain as rails' do
+ let_it_be(:kas_tunnel_url) { "ws://gitlab.example.com/-/k8s-proxy/" }
+
+ before do
+ allow(::Gitlab::Kas).to receive(:tunnel_url).and_return(kas_tunnel_url)
+ end
+
+ it 'does not add KAS url to CSP' do
+ expect(directives['connect_src']).not_to eq("'self' ws://gitlab.example.com #{::Gitlab::Kas.tunnel_url}")
+ end
+ end
+
+ context 'when KAS is on subdomain' do
+ let_it_be(:kas_tunnel_url) { "ws://kas.gitlab.example.com/k8s-proxy/" }
+
+ before do
+ allow(::Gitlab::Kas).to receive(:tunnel_url).and_return(kas_tunnel_url)
+ end
+
+ it 'does add KAS url to CSP' do
+ expect(directives['connect_src']).to eq("'self' ws://gitlab.example.com #{kas_tunnel_url}")
+ end
+ end
+ end
+ end
+
context 'when CUSTOMER_PORTAL_URL is set' do
let(:customer_portal_url) { 'https://customers.example.com' }
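Review bot: The two negative examples ('when user access feature flag is disabled' and 'when KAS is on same domain as rails') assert `not_to eq("'self' ws://gitlab.example.com #{::Gitlab::Kas.tunnel_url}")`, which passes for any other value of `connect_src`, including one that lists the KAS origin in a different position or carries extra origins. A CSP allow-list test should pin the exact directive; going by the positive example in the subdomain context, that is presumably `expect(directives['connect_src']).to eq("'self' ws://gitlab.example.com")`. In the flag-disabled context `tunnel_url` is also not stubbed, so the compared string depends on whatever the test configuration returns. The enclosing describe block starts and ends outside this hunk.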