File: sourcegraph_csp_spec.rb

package info (click to toggle)
gitlab 17.6.5-19
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 629,368 kB
  • sloc: ruby: 1,915,304; javascript: 557,307; sql: 60,639; xml: 6,509; sh: 4,567; makefile: 1,239; python: 406
file content (33 lines) | stat: -rw-r--r-- 1,056 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'Sourcegraph Content Security Policy', feature_category: :groups_and_projects do
  let_it_be(:user) { create(:user) }
  let_it_be(:project) { create(:project, :repository, namespace: user.namespace) }

  shared_context 'disable feature' do
    before do
      allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(false)
    end
  end

  it_behaves_like 'setting CSP', 'connect-src' do
    let_it_be(:sourcegraph_url) { 'https://sourcegraph.test' }
    let_it_be(:allowlisted_url) { "#{sourcegraph_url}/.api/" }
    let_it_be(:extended_controller_class) { Projects::BlobController }

    subject do
      visit project_blob_path(project, File.join('master', 'README.md'))

      response_headers['Content-Security-Policy']
    end

    before do
      allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(sourcegraph_url)
      allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(true)

      sign_in(user)
    end
  end
end