Diffstat (limited to 'spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb')
-rw-r--r-- | spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb b/spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb
index f664604ac15..e0f86876f67 100644
--- a/spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb
+++ b/spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb
@@ -37,13 +37,24 @@ RSpec.describe Projects::DesignManagement::Designs::RawImagesController do
 # For security, .svg images should only ever be served with Content-Disposition: attachment.
 # If this specs ever fails we must assess whether we should be serving svg images.
 # See https://gitlab.com/gitlab-org/gitlab/issues/12771
- it 'serves files with `Content-Disposition: attachment`' do
+ it 'serves files with `Content-Disposition` header set to attachment plus the filename' do
 subject
- expect(response.header['Content-Disposition']).to eq('attachment')
+ expect(response.header['Content-Disposition']).to match "attachment; filename=\"#{design.filename}\""
 expect(response).to have_gitlab_http_status(:ok)
 end
+ context 'when the feature flag attachment_with_filename is disabled' do
+ it 'serves files with just `attachment` in the disposition header' do
+ stub_feature_flags(attachment_with_filename: false)
+
+ subject
+
+ expect(response.header['Content-Disposition']).to eq('attachment')
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
 it 'serves files with Workhorse' do
 subject |
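Review bot: The new assertion `to match "attachment; filename=\"#{design.filename}\""` is weaker than the `eq('attachment')` it replaces: given a String, RSpec's `match` ends up in `String#match`, which treats the argument as an unanchored regular expression, so the example would still pass if the header merely contained that text after some other disposition type, and the `.` in the filename matches any character. Because the comment above this example makes it the guard that SVG designs are never served inline, the check should pin the start of the header, for example `expect(response.header['Content-Disposition']).to start_with(%(attachment; filename="#{design.filename}"))`. Presumably `eq` was dropped because the header carries a further `filename*=` parameter after the quoted name; `start_with` tolerates that suffix. The enclosing context begins and ends outside the hunk.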