
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'spec/lib/gitlab/content_security_policy/config_loader_spec.rb')
-rw-r--r--spec/lib/gitlab/content_security_policy/config_loader_spec.rb20
1 files changed, 20 insertions, 0 deletions
diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
index 44e2cb21677..2df85434f0e 100644
--- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
+++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
@@ -183,6 +183,8 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
end
describe '#load' do
+ let(:default_directives) { described_class.default_directives }
+
subject { described_class.new(csp_config[:directives]) }
def expected_config(directive)
@@ -207,5 +209,23 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
expect(policy.directives['base-uri']).to be_nil
end
+
+ it 'returns default values for directives not defined by the user' do
+ # Explicitly disabling script_src and setting report_uri
+ csp_config[:directives] = {
+ script_src: false,
+ report_uri: 'https://example.org'
+ }
+
+ subject.load(policy)
+
+ expected_policy = ActionDispatch::ContentSecurityPolicy.new
+ # Creating a policy from default settings and manually overriding the custom values
+ described_class.new(default_directives).load(expected_policy)
+ expected_policy.script_src(nil)
+ expected_policy.report_uri('https://example.org')
+
+ expect(policy.directives).to eq(expected_policy.directives)
+ end
end
end
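Review bot: The expected policy in the new example is built by the same `described_class.new(default_directives).load(expected_policy)` call that is under test, so a defect in how `load` applies directives would show up on both sides of the final `eq` and go unnoticed. The example would also pass if `default_directives` were empty, which means it does not by itself prove that defaults are merged for directives the user left out. Since this guards the CSP that is actually emitted, I would add direct assertions next to the `eq`: `expect(policy.directives['script-src']).to be_nil` and `expect(policy.directives.keys - ['report-uri']).not_to be_empty`. `policy` and `csp_config` are defined outside this hunk, so their setup is assumed rather than visible here.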