Add latest changes from gitlab-org/gitlab@master

1 files changed, 31 insertions, 0 deletions

diff --git a/spec/features/ide/static_object_external_storage_csp_spec.rb b/spec/features/ide/static_object_external_storage_csp_spec.rb
new file mode 100644
index 00000000000..93c22b35786
--- /dev/null
+++ b/spec/features/ide/static_object_external_storage_csp_spec.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Static Object External Storage Content Security Policy' do
+  let_it_be(:user) { create(:user) }
+
+  shared_context 'disable feature' do
+    before do
+      allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_url).and_return(nil)
+    end
+  end
+
+  it_behaves_like 'setting CSP connect-src' do
+    let_it_be(:whitelisted_url) { 'https://static-objects.test' }
+    let_it_be(:extended_controller_class) { IdeController }
+
+    subject do
+      visit ide_path
+
+      response_headers['Content-Security-Policy']
+    end
+
+    before do
+      allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_url).and_return(whitelisted_url)
+      allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_auth_token).and_return('letmein')
+
+      sign_in(user)
+    end
+  end
+end