diff options
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/api/entities/release_spec.rb | 22 | ||||
-rw-r--r-- | spec/lib/gitlab/content_security_policy/config_loader_spec.rb | 18 |
2 files changed, 18 insertions, 22 deletions
diff --git a/spec/lib/api/entities/release_spec.rb b/spec/lib/api/entities/release_spec.rb index 4f40830a15c..aa2c5126bb9 100644 --- a/spec/lib/api/entities/release_spec.rb +++ b/spec/lib/api/entities/release_spec.rb @@ -8,7 +8,8 @@ RSpec.describe API::Entities::Release do let(:release) { create(:release, project: project) } let(:evidence) { release.evidences.first } let(:user) { create(:user) } - let(:entity) { described_class.new(release, current_user: user).as_json } + let(:entity) { described_class.new(release, current_user: user, include_html_description: include_html_description).as_json } + let(:include_html_description) { false } before do ::Releases::CreateEvidenceService.new(release).execute @@ -58,10 +59,8 @@ RSpec.describe API::Entities::Release do expect(description_html).to be_nil end - context 'when remove_description_html_in_release_api feature flag is disabled' do - before do - stub_feature_flags(remove_description_html_in_release_api: false) - end + context 'when include_html_description option is true' do + let(:include_html_description) { true } it 'renders special references if current user has access' do project.add_reporter(user) @@ -77,18 +76,5 @@ RSpec.describe API::Entities::Release do expect(description_html).not_to include(issue_title) end end - - context 'when remove_description_html_in_release_api_override feature flag is enabled' do - before do - stub_feature_flags(remove_description_html_in_release_api_override: project) - end - - it 'renders special references if current user has access' do - project.add_reporter(user) - - expect(description_html).to include(issue_path) - expect(description_html).to include(issue_title) - end - end end end diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb index 41a6c06f9c9..19e52d2cf4a 100644 --- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb +++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb @@ -20,9 +20,9 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do end describe '.default_settings_hash' do - it 'returns defaults for all keys' do - settings = described_class.default_settings_hash + let(:settings) { described_class.default_settings_hash } + it 'returns defaults for all keys' do expect(settings['enabled']).to be_truthy expect(settings['report_only']).to be_falsey @@ -35,6 +35,17 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do expect(directives.has_key?('report_uri')).to be_truthy expect(directives['report_uri']).to be_nil + expect(directives['child_src']).to eq(directives['frame_src']) + end + + context 'when in production' do + before do + allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('production')) + end + + it 'is disabled' do + expect(settings['enabled']).to be_falsey + end end context 'when GITLAB_CDN_HOST is set' do @@ -43,10 +54,9 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do end it 'adds GITLAB_CDN_HOST to CSP' do - settings = described_class.default_settings_hash directives = settings['directives'] - expect(directives['script_src']).to eq("'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net https://apis.google.com https://example.com") + expect(directives['script_src']).to eq("'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com https://example.com") expect(directives['style_src']).to eq("'self' 'unsafe-inline' https://example.com") end end |