1 files changed, 37 insertions, 116 deletions

diff --git a/spec/requests/ide_controller_spec.rb b/spec/requests/ide_controller_spec.rb
index b287ded799d..fe7210e4372 100644
--- a/spec/requests/ide_controller_spec.rb
+++ b/spec/requests/ide_controller_spec.rb
@@ -19,16 +19,15 @@ RSpec.describe IdeController, feature_category: :web_ide do
   let_it_be(:top_nav_partial) { 'layouts/header/_default' }
 
   let(:user) { creator }
-  let(:branch) { '' }
 
-  def find_csp_frame_src
+  def find_csp_source(key)
     csp = response.headers['Content-Security-Policy']
 
-    # Transform "frame-src foo bar; connect-src foo bar; script-src ..."
-    # into array of connect-src values
+    # Transform "default-src foo bar; connect-src foo bar; script-src ..."
+    # into array of values for a single directive based on the given key
     csp.split(';')
       .map(&:strip)
-      .find { |entry| entry.starts_with?('frame-src') }
+      .find { |entry| entry.starts_with?(key) }
       .split(' ')
       .drop(1)
   end
@@ -42,14 +41,14 @@ RSpec.describe IdeController, feature_category: :web_ide do
     subject { get route }
 
     shared_examples 'user access rights check' do
-      context 'user can read project' do
+      context 'when user can read project' do
         it 'increases the views counter' do
           expect(Gitlab::UsageDataCounters::WebIdeCounter).to receive(:increment_views_count)
 
           subject
         end
 
-        context 'user can read project but cannot push code' do
+        context 'when user can read project but cannot push code' do
           include ProjectForksHelper
 
           let(:user) { reporter }
@@ -60,7 +59,15 @@ RSpec.describe IdeController, feature_category: :web_ide do
 
               expect(response).to have_gitlab_http_status(:ok)
               expect(assigns(:project)).to eq project
-              expect(assigns(:fork_info)).to eq({ fork_path: controller.helpers.ide_fork_and_edit_path(project, branch, '', with_notice: false) })
+
+              expect(assigns(:fork_info)).to eq({
+                fork_path: controller.helpers.ide_fork_and_edit_path(
+                  project,
+                  '',
+                  '',
+                  with_notice: false
+                )
+              })
             end
 
             it 'has nil fork_info if user cannot fork' do
@@ -81,13 +88,13 @@ RSpec.describe IdeController, feature_category: :web_ide do
 
               expect(response).to have_gitlab_http_status(:ok)
               expect(assigns(:project)).to eq project
-              expect(assigns(:fork_info)).to eq({ ide_path: controller.helpers.ide_edit_path(fork, branch, '') })
+              expect(assigns(:fork_info)).to eq({ ide_path: controller.helpers.ide_edit_path(fork, '', '') })
             end
           end
         end
       end
 
-      context 'user cannot read project' do
+      context 'when user cannot read project' do
         let(:user) { other_user }
 
         it 'returns 404' do
@@ -98,7 +105,7 @@ RSpec.describe IdeController, feature_category: :web_ide do
       end
     end
 
-    context '/-/ide' do
+    context 'with /-/ide' do
       let(:route) { '/-/ide' }
 
       it 'returns 404' do
@@ -108,7 +115,7 @@ RSpec.describe IdeController, feature_category: :web_ide do
       end
     end
 
-    context '/-/ide/project' do
+    context 'with /-/ide/project' do
       let(:route) { '/-/ide/project' }
 
       it 'returns 404' do
@@ -118,7 +125,7 @@ RSpec.describe IdeController, feature_category: :web_ide do
       end
     end
 
-    context '/-/ide/project/:project' do
+    context 'with /-/ide/project/:project' do
       let(:route) { "/-/ide/project/#{project.full_path}" }
 
       it 'instantiates project instance var and returns 200' do
@@ -126,16 +133,13 @@ RSpec.describe IdeController, feature_category: :web_ide do
 
         expect(response).to have_gitlab_http_status(:ok)
         expect(assigns(:project)).to eq project
-        expect(assigns(:branch)).to be_nil
-        expect(assigns(:path)).to be_nil
-        expect(assigns(:merge_request)).to be_nil
         expect(assigns(:fork_info)).to be_nil
       end
 
       it_behaves_like 'user access rights check'
 
-      %w(edit blob tree).each do |action|
-        context "/-/ide/project/:project/#{action}" do
+      %w[edit blob tree].each do |action|
+        context "with /-/ide/project/:project/#{action}" do
           let(:route) { "/-/ide/project/#{project.full_path}/#{action}" }
 
           it 'instantiates project instance var and returns 200' do
@@ -143,89 +147,13 @@ RSpec.describe IdeController, feature_category: :web_ide do
 
             expect(response).to have_gitlab_http_status(:ok)
             expect(assigns(:project)).to eq project
-            expect(assigns(:branch)).to be_nil
-            expect(assigns(:path)).to be_nil
-            expect(assigns(:merge_request)).to be_nil
             expect(assigns(:fork_info)).to be_nil
           end
 
           it_behaves_like 'user access rights check'
-
-          context "/-/ide/project/:project/#{action}/:branch" do
-            let(:branch) { 'master' }
-            let(:route) { "/-/ide/project/#{project.full_path}/#{action}/#{branch}" }
-
-            it 'instantiates project and branch instance vars and returns 200' do
-              subject
-
-              expect(response).to have_gitlab_http_status(:ok)
-              expect(assigns(:project)).to eq project
-              expect(assigns(:branch)).to eq branch
-              expect(assigns(:path)).to be_nil
-              expect(assigns(:merge_request)).to be_nil
-              expect(assigns(:fork_info)).to be_nil
-            end
-
-            it_behaves_like 'user access rights check'
-
-            context "/-/ide/project/:project/#{action}/:branch/-" do
-              let(:branch) { 'branch/slash' }
-              let(:route) { "/-/ide/project/#{project.full_path}/#{action}/#{branch}/-" }
-
-              it 'instantiates project and branch instance vars and returns 200' do
-                subject
-
-                expect(response).to have_gitlab_http_status(:ok)
-                expect(assigns(:project)).to eq project
-                expect(assigns(:branch)).to eq branch
-                expect(assigns(:path)).to be_nil
-                expect(assigns(:merge_request)).to be_nil
-                expect(assigns(:fork_info)).to be_nil
-              end
-
-              it_behaves_like 'user access rights check'
-
-              context "/-/ide/project/:project/#{action}/:branch/-/:path" do
-                let(:branch) { 'master' }
-                let(:route) { "/-/ide/project/#{project.full_path}/#{action}/#{branch}/-/foo/.bar" }
-
-                it 'instantiates project, branch, and path instance vars and returns 200' do
-                  subject
-
-                  expect(response).to have_gitlab_http_status(:ok)
-                  expect(assigns(:project)).to eq project
-                  expect(assigns(:branch)).to eq branch
-                  expect(assigns(:path)).to eq 'foo/.bar'
-                  expect(assigns(:merge_request)).to be_nil
-                  expect(assigns(:fork_info)).to be_nil
-                end
-
-                it_behaves_like 'user access rights check'
-              end
-            end
-          end
         end
       end
 
-      context '/-/ide/project/:project/merge_requests/:merge_request_id' do
-        let!(:merge_request) { create(:merge_request, source_project: project, target_project: project) }
-
-        let(:route) { "/-/ide/project/#{project.full_path}/merge_requests/#{merge_request.id}" }
-
-        it 'instantiates project and merge_request instance vars and returns 200' do
-          subject
-
-          expect(response).to have_gitlab_http_status(:ok)
-          expect(assigns(:project)).to eq project
-          expect(assigns(:branch)).to be_nil
-          expect(assigns(:path)).to be_nil
-          expect(assigns(:merge_request)).to eq merge_request.id.to_s
-          expect(assigns(:fork_info)).to be_nil
-        end
-
-        it_behaves_like 'user access rights check'
-      end
-
       describe 'Snowplow view event', :snowplow do
         it 'is tracked' do
           subject
@@ -237,33 +165,18 @@ RSpec.describe IdeController, feature_category: :web_ide do
             user: user
           )
         end
-
-        context 'when route_hll_to_snowplow_phase2 FF is disabled' do
-          before do
-            stub_feature_flags(route_hll_to_snowplow_phase2: false)
-          end
-
-          it 'does not track Snowplow event' do
-            subject
-
-            expect_no_snowplow_event
-          end
-        end
       end
 
       # This indirectly tests that `minimal: true` was passed to the fullscreen layout
       describe 'layout' do
-        where(:ff_state, :use_legacy_web_ide, :expect_top_nav) do
-          false | false | true
-          false | true  | true
-          true  | true  | true
-          true  | false | false
+        where(:ff_state, :expect_top_nav) do
+          false | true
+          true  | false
         end
 
         with_them do
           before do
             stub_feature_flags(vscode_web_ide: ff_state)
-            allow(user).to receive(:use_legacy_web_ide).and_return(use_legacy_web_ide)
 
             subject
           end
@@ -279,15 +192,23 @@ RSpec.describe IdeController, feature_category: :web_ide do
       end
     end
 
-    describe 'frame-src content security policy' do
+    describe 'content security policy' do
       let(:route) { '/-/ide' }
 
-      before do
+      it 'updates the content security policy with the correct frame sources' do
         subject
+
+        expect(find_csp_source('frame-src')).to include("http://www.example.com/assets/webpack/", "https://*.vscode-cdn.net/")
+        expect(find_csp_source('worker-src')).to include("http://www.example.com/assets/webpack/")
       end
 
-      it 'adds https://*.vscode-cdn.net in frame-src CSP policy' do
-        expect(find_csp_frame_src).to include("https://*.vscode-cdn.net/")
+      it 'with relative_url_root, updates the content security policy with the correct frame sources' do
+        stub_config_setting(relative_url_root: '/gitlab')
+
+        subject
+
+        expect(find_csp_source('frame-src')).to include("http://www.example.com/gitlab/assets/webpack/")
+        expect(find_csp_source('worker-src')).to include("http://www.example.com/gitlab/assets/webpack/")
       end
     end
   end