diff options
author | Stan Hu <stanhu@gmail.com> | 2018-05-13 21:43:48 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-05-13 21:49:51 -0700 |
commit | 0c43170630b5b4e90e8f91526066435a06e077eb (patch) | |
tree | 856916a4bfd52a3fba1ca3bddf6c9c4a21091bdc /spec | |
parent | 40683268b2b5ad807194387d8345a30195e178c4 (diff) | |
download | gitlab-ce-0c43170630b5b4e90e8f91526066435a06e077eb.tar.gz |
Fix cross-origin errors when attempting to download JavaScript attachments
If you upload a file with a .js extension, Rails' cross-origin JavaScript
protection will prevent a user from downloading the file with a 422 error.
Setting the content-type to `text/plain` will allow the user to download
the file as a plaintext file.
Closes #45826
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/concerns/send_file_upload_spec.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/controllers/concerns/send_file_upload_spec.rb b/spec/controllers/concerns/send_file_upload_spec.rb index f4c99ea4064..58bb91a0c80 100644 --- a/spec/controllers/concerns/send_file_upload_spec.rb +++ b/spec/controllers/concerns/send_file_upload_spec.rb @@ -51,6 +51,21 @@ describe SendFileUpload do end end + context 'with attachment' do + subject { controller.send_upload(uploader, attachment: 'test.js') } + + it 'sends a file with content-type of text/plain' do + expected_params = { + content_type: 'text/plain', + filename: 'test.js', + disposition: 'attachment' + } + expect(controller).to receive(:send_file).with(uploader.path, expected_params) + + subject + end + end + context 'when remote file is used' do before do stub_uploads_object_storage(uploader: uploader_class) |