authorGitLab Bot <gitlab-bot@gitlab.com>2022-07-20 15:40:28 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-07-20 15:40:28 +0000
commitb595cb0c1dec83de5bdee18284abe86614bed33b (patch)
tree8c3d4540f193c5ff98019352f554e921b3a41a72 /spec/lib/gitlab/content_security_policy/config_loader_spec.rb
parent2f9104a328fc8a4bddeaa4627b595166d24671d0 (diff)
downloadgitlab-ce-b595cb0c1dec83de5bdee18284abe86614bed33b.tar.gz
Add latest changes from gitlab-org/gitlab@15-2-stable-eev15.2.0-rc42
Diffstat (limited to 'spec/lib/gitlab/content_security_policy/config_loader_spec.rb')
-rw-r--r--spec/lib/gitlab/content_security_policy/config_loader_spec.rb13
1 files changed, 7 insertions, 6 deletions
diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
index 109e83be294..616fe15c1a6 100644
--- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
+++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
@@ -92,11 +92,11 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
context 'when sentry is configured' do
before do
stub_sentry_settings
- stub_config_setting(host: 'example.com')
+ stub_config_setting(host: 'gitlab.example.com')
end
it 'adds sentry path to CSP without user' do
- expect(directives['connect_src']).to eq("'self' ws://example.com dummy://example.com/43")
+ expect(directives['connect_src']).to eq("'self' ws://gitlab.example.com dummy://example.com")
end
end
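Review bot: The example title `adds sentry path to CSP without user` no longer matches what the new expectation pins, because `connect_src` now ends in `dummy://example.com` and the `/43` path is gone. A CSP host-source without a path covers the whole origin rather than one endpoint, so the title should say so, for example `it 'adds sentry origin to CSP without user or path' do`. Whether dropping the path is intended is not visible in this hunk; if it is, a comment above the expectation such as `# only scheme and host of the DSN are allowed; credentials and path are dropped` would record it. The enclosing describe block starts and ends outside the hunk.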
@@ -146,7 +146,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
let(:snowplow_micro_url) { "http://#{snowplow_micro_hostname}/" }
before do
- stub_env('SNOWPLOW_MICRO_ENABLE', 1)
+ stub_config(snowplow_micro: { enabled: true })
allow(Gitlab::Tracking).to receive(:collector_hostname).and_return(snowplow_micro_hostname)
end
@@ -169,9 +169,9 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
expect(directives['connect_src']).to match(Regexp.new(snowplow_micro_url))
end
- context 'when not enabled using ENV[SNOWPLOW_MICRO_ENABLE]' do
+ context 'when not enabled using config' do
before do
- stub_env('SNOWPLOW_MICRO_ENABLE', nil)
+ stub_config(snowplow_micro: { enabled: false })
end
it 'does not add Snowplow Micro URL to connect-src' do
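Review bot: The renamed context `when not enabled using config` only covers an explicit `enabled: false`, whereas the removed `stub_env('SNOWPLOW_MICRO_ENABLE', nil)` modelled the setting being absent. If the loader can run with no `snowplow_micro` section at all (not visible here), that case deserves its own context, for instance with `stub_config(snowplow_micro: nil)` if the stub helper accepts it (to be confirmed). It should assert the same "does not add Snowplow Micro URL to connect-src" outcome, so that a missing setting is shown to keep the development collector out of the policy. The example body continues past the end of the hunk.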
@@ -220,10 +220,11 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
expect(policy.directives['base-uri']).to be_nil
end
- it 'returns default values for directives not defined by the user' do
+ it 'returns default values for directives not defined by the user or with <default_value> and disables directives set to false' do
# Explicitly disabling script_src and setting report_uri
csp_config[:directives] = {
script_src: false,
+ style_src: '<default_value>',
report_uri: 'https://example.org'
}