Diffstat (limited to 'spec/lib/gitlab/content_security_policy/config_loader_spec.rb')
-rw-r--r-- | spec/lib/gitlab/content_security_policy/config_loader_spec.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
index 44e2cb21677..2df85434f0e 100644
--- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
+++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
@@ -183,6 +183,8 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
 end
 describe '#load' do
+ let(:default_directives) { described_class.default_directives }
+
 subject { described_class.new(csp_config[:directives]) }
 def expected_config(directive)
@@ -207,5 +209,23 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
 expect(policy.directives['base-uri']).to be_nil
 end
+
+ it 'returns default values for directives not defined by the user' do
+ # Explicitly disabling script_src and setting report_uri
+ csp_config[:directives] = {
+ script_src: false,
+ report_uri: 'https://example.org'
+ }
+
+ subject.load(policy)
+
+ expected_policy = ActionDispatch::ContentSecurityPolicy.new
+ # Creating a policy from default settings and manually overriding the custom values
+ described_class.new(default_directives).load(expected_policy)
+ expected_policy.script_src(nil)
+ expected_policy.report_uri('https://example.org')
+
+ expect(policy.directives).to eq(expected_policy.directives)
+ end
 end
 end
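Review bot: The expected side of the new example is built with the code under test itself (`described_class.new(default_directives).load(expected_policy)`), so a defect in how `load` applies the defaults would show up on both sides and the final `eq` would still pass. Add at least one direct assertion on the user overrides that does not go through `load`, e.g. `expect(policy.directives['script-src']).to be_nil` and `expect(policy.directives['report-uri']).to eq(['https://example.org'])` (the array form is what ActionDispatch appears to store for a directive; confirm against the existing `base-uri` example just above, which only checks `be_nil`), and spot-check one directive the user config does not mention against `default_directives` directly. The enclosing `describe '#load'` block and the `csp_config`/`policy` definitions it relies on begin before this hunk.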