diff options
Diffstat (limited to 'spec/requests/content_security_policy_spec.rb')
-rw-r--r-- | spec/requests/content_security_policy_spec.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/spec/requests/content_security_policy_spec.rb b/spec/requests/content_security_policy_spec.rb index 3f0665f1ce5..3ce7e33d88a 100644 --- a/spec/requests/content_security_policy_spec.rb +++ b/spec/requests/content_security_policy_spec.rb @@ -7,6 +7,7 @@ require 'spec_helper' # of testing in application_controller_spec. RSpec.describe 'Content Security Policy', feature_category: :application_instrumentation do let(:snowplow_host) { 'snowplow.example.com' } + let(:vite_origin) { "#{ViteRuby.instance.config.host}:#{ViteRuby.instance.config.port}" } shared_examples 'snowplow is not in the CSP' do it 'does not add the snowplow collector hostname to the CSP' do @@ -46,5 +47,33 @@ RSpec.describe 'Content Security Policy', feature_category: :application_instrum it_behaves_like 'snowplow is not in the CSP' end + + context 'when vite enabled during development', + quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/424334' do + before do + stub_rails_env('development') + stub_feature_flags(vite: true) + + get explore_root_url + end + + it 'adds vite csp' do + expect(response).to have_gitlab_http_status(:ok) + expect(response.headers['Content-Security-Policy']).to include(vite_origin) + end + end + + context 'when vite disabled' do + before do + stub_feature_flags(vite: false) + + get explore_root_url + end + + it "doesn't add vite csp" do + expect(response).to have_gitlab_http_status(:ok) + expect(response.headers['Content-Security-Policy']).not_to include(vite_origin) + end + end end end |