1 files changed, 26 insertions, 0 deletions

diff --git a/spec/support/shared_examples/controllers/base_action_controller_shared_examples.rb b/spec/support/shared_examples/controllers/base_action_controller_shared_examples.rb
new file mode 100644
index 00000000000..5f236f25d35
--- /dev/null
+++ b/spec/support/shared_examples/controllers/base_action_controller_shared_examples.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+# Requires `request` subject to be defined
+#
+# subject(:request) { get root_path }
+RSpec.shared_examples 'Base action controller' do
+  describe 'security headers' do
+    describe 'Cross-Origin-Opener-Policy' do
+      it 'sets the header' do
+        request
+
+        expect(response.headers['Cross-Origin-Opener-Policy']).to eq('same-origin')
+      end
+
+      context 'when coop_header feature flag is disabled' do
+        it 'does not set the header' do
+          stub_feature_flags(coop_header: false)
+
+          request
+
+          expect(response.headers['Cross-Origin-Opener-Policy']).to be_nil
+        end
+      end
+    end
+  end
+end