diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-11-01 09:25:49 +0000 |
|---|---|---|
| committer | Winnie Hellmann <winnie@gitlab.com> | 2017-11-07 19:26:16 +0000 |
| commit | 7521d0cb07f70a1193146b7c7c7556d4f25b35aa (patch) | |
| tree | 4b83b48818c689b8bbc25d7602db5483b9c1d04f /spec | |
| parent | ebf9d0c4e33ea1c7058c0d9b9121e6a8d03f034f (diff) | |
| download | gitlab-ce-7521d0cb07f70a1193146b7c7c7556d4f25b35aa.tar.gz | |
Merge branch '36099-api-responses-missing-x-content-type-options-header' into '10-1-stable'
Include X-Content-Type-Options (XCTO) header into API responses
See merge request gitlab/gitlabhq!2211
(cherry picked from commit 6c818e77f2abeef2dd7b17a269611b018701fa79)
e087e075 Include X-Content-Type-Options (XCTO) header into API responses
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 6 | ||||
| -rw-r--r-- | spec/support/matchers/security_header_matcher.rb | 5 |
2 files changed, 11 insertions, 0 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 5964244f8c5..2e3416cb74d 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -50,6 +50,12 @@ describe API::Projects do expect(json_response).to be_an Array expect(json_response.map { |p| p['id'] }).to contain_exactly(*projects.map(&:id)) end + + it 'returns the proper security headers' do + get api('/projects', current_user), filter + + expect(response).to include_security_headers + end end shared_examples_for 'projects response without N + 1 queries' do diff --git a/spec/support/matchers/security_header_matcher.rb b/spec/support/matchers/security_header_matcher.rb new file mode 100644 index 00000000000..f8518d13ebb --- /dev/null +++ b/spec/support/matchers/security_header_matcher.rb @@ -0,0 +1,5 @@ +RSpec::Matchers.define :include_security_headers do |expected| + match do |actual| + expect(actual.headers).to include('X-Content-Type-Options') + end +end |