summaryrefslogtreecommitdiff
path: root/qa
diff options
context:
space:
mode:
Diffstat (limited to 'qa')
-rw-r--r--qa/qa/specs/features/api/3_create/repository/files_spec.rb43
1 files changed, 43 insertions, 0 deletions
diff --git a/qa/qa/specs/features/api/3_create/repository/files_spec.rb b/qa/qa/specs/features/api/3_create/repository/files_spec.rb
index f6f020da472..dc471128dae 100644
--- a/qa/qa/specs/features/api/3_create/repository/files_spec.rb
+++ b/qa/qa/specs/features/api/3_create/repository/files_spec.rb
@@ -59,5 +59,48 @@ module QA
a_hash_including(message: '202 Accepted')
)
end
+
+ describe 'raw file access' do
+ let(:svg_file) do
+ <<-SVG
+ <?xml version="1.0" standalone="no"?>
+ <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+ <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+ <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+ <script type="text/javascript">
+ alert("surprise");
+ </script>
+ </svg>
+ SVG
+ end
+
+ it 'sets no-cache headers as expected' do
+ create_project_request = Runtime::API::Request.new(@api_client, '/projects')
+ post create_project_request.url, path: project_name, name: project_name
+
+ create_file_request = Runtime::API::Request.new(@api_client, "/projects/#{sanitized_project_path}/repository/files/test.svg")
+ post create_file_request.url, branch: 'master', content: svg_file, commit_message: 'Add test.svg'
+
+ get_file_request = Runtime::API::Request.new(@api_client, "/projects/#{sanitized_project_path}/repository/files/test.svg/raw", ref: 'master')
+
+ 3.times do
+ response = get get_file_request.url
+
+ # Subsequent responses aren't cached, so headers should match from
+ # request to request, especially a 200 response rather than a 304
+ # (indicating a cached response.) Further, :content_disposition
+ # should include `attachment` for all responses.
+ #
+ expect(response.headers[:cache_control]).to include("no-store")
+ expect(response.headers[:cache_control]).to include("no-cache")
+ expect(response.headers[:pragma]).to eq("no-cache")
+ expect(response.headers[:expires]).to eq("Fri, 01 Jan 1990 00:00:00 GMT")
+ expect(response.headers[:content_disposition]).to include("attachment")
+ expect(response.headers[:content_disposition]).not_to include("inline")
+ expect(response.headers[:content_type]).to include("image/svg+xml")
+ end
+ end
+ end
end
end
View Lorry Controller Status