author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-16 18:08:22 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-16 18:08:22 +0000 |
commit | 123c68a7cf788ace140e57e478a12c5b7ac893ae (patch) | |
tree | b36e565ecd895ee46c1713f3734308cfce0e6ba9 /spec/controllers | |
parent | 862d225ca0d8eb452e56b8fe5a0109aac796e872 (diff) | |
download | gitlab-ce-123c68a7cf788ace140e57e478a12c5b7ac893ae.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/uploads_controller_spec.rb | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index f35babc1b56..ff15e685007 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -196,24 +196,39 @@ describe UploadsController do
 describe "GET show" do
 context 'Content-Disposition security measures' do
+ let(:expected_disposition) { 'inline;' }
 let(:project) { create(:project, :public) }
- context 'for PNG files' do
- it 'returns Content-Disposition: inline' do
- note = create(:note, :with_attachment, project: project)
- get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
+ shared_examples_for 'uploaded file with disposition' do
+ it 'returns correct Content-Disposition' do
+ get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: filename }
- expect(response['Content-Disposition']).to start_with('inline;')
+ expect(response['Content-Disposition']).to start_with(expected_disposition)
 end
 end
+ context 'for PNG files' do
+ let(:filename) { 'dk.png' }
+ let(:expected_disposition) { 'inline;' }
+ let(:note) { create(:note, :with_attachment, project: project) }
+
+ it_behaves_like 'uploaded file with disposition'
+ end
+
+ context 'for PDF files' do
+ let(:filename) { 'git-cheat-sheet.pdf' }
+ let(:expected_disposition) { 'inline;' }
+ let(:note) { create(:note, :with_pdf_attachment, project: project) }
+
+ it_behaves_like 'uploaded file with disposition'
+ end
+
 context 'for SVG files' do
- it 'returns Content-Disposition: attachment' do
- note = create(:note, :with_svg_attachment, project: project)
- get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'unsanitized.svg' }
+ let(:filename) { 'unsanitized.svg' }
+ let(:expected_disposition) { 'attachment;' }
+ let(:note) { create(:note, :with_svg_attachment, project: project) }
- expect(response['Content-Disposition']).to start_with('attachment;')
- end
+ it_behaves_like 'uploaded file with disposition'
 end
 end |
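Review bot: The outer `let(:expected_disposition) { 'inline;' }` under 'Content-Disposition security measures' is overridden in all three contexts, so its only effect is a permissive default: a file-type context added later that forgets to set it would silently assert inline rendering. Dropping that line makes every context state its own expectation, which the PNG, PDF and SVG contexts already do. The shared example also checks only the disposition prefix; for the inline cases (PNG, PDF) it may be worth pinning the served type as well, e.g. `expect(response.headers['Content-Type']).to start_with(expected_content_type)`, since inline display is only as safe as the content type sent with it. The enclosing `describe` blocks start and end outside the hunk.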