diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 15:40:28 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 15:40:28 +0000 |
commit | b595cb0c1dec83de5bdee18284abe86614bed33b (patch) | |
tree | 8c3d4540f193c5ff98019352f554e921b3a41a72 /spec/lib/gitlab/content_security_policy/config_loader_spec.rb | |
parent | 2f9104a328fc8a4bddeaa4627b595166d24671d0 (diff) | |
download | gitlab-ce-b595cb0c1dec83de5bdee18284abe86614bed33b.tar.gz |
Add latest changes from gitlab-org/gitlab@15-2-stable-eev15.2.0-rc42
Diffstat (limited to 'spec/lib/gitlab/content_security_policy/config_loader_spec.rb')
-rw-r--r-- | spec/lib/gitlab/content_security_policy/config_loader_spec.rb | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb index 109e83be294..616fe15c1a6 100644 --- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb +++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb @@ -92,11 +92,11 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do context 'when sentry is configured' do before do stub_sentry_settings - stub_config_setting(host: 'example.com') + stub_config_setting(host: 'gitlab.example.com') end it 'adds sentry path to CSP without user' do - expect(directives['connect_src']).to eq("'self' ws://example.com dummy://example.com/43") + expect(directives['connect_src']).to eq("'self' ws://gitlab.example.com dummy://example.com") end end @@ -146,7 +146,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do let(:snowplow_micro_url) { "http://#{snowplow_micro_hostname}/" } before do - stub_env('SNOWPLOW_MICRO_ENABLE', 1) + stub_config(snowplow_micro: { enabled: true }) allow(Gitlab::Tracking).to receive(:collector_hostname).and_return(snowplow_micro_hostname) end @@ -169,9 +169,9 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do expect(directives['connect_src']).to match(Regexp.new(snowplow_micro_url)) end - context 'when not enabled using ENV[SNOWPLOW_MICRO_ENABLE]' do + context 'when not enabled using config' do before do - stub_env('SNOWPLOW_MICRO_ENABLE', nil) + stub_config(snowplow_micro: { enabled: false }) end it 'does not add Snowplow Micro URL to connect-src' do @@ -220,10 +220,11 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do expect(policy.directives['base-uri']).to be_nil end - it 'returns default values for directives not defined by the user' do + it 'returns default values for directives not defined by the user or with <default_value> and disables directives set to false' do # Explicitly disabling script_src and setting report_uri csp_config[:directives] = { script_src: false, + style_src: '<default_value>', report_uri: 'https://example.org' } |