IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

Code review comments.

Browse Source
This commit is contained in:
Alan Guo Xiang Tan
2021-06-18 10:16:26 +08:00
parent 8e3691d537
commit 44aa46ca05
29 changed files with 159 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
spec/lib/content_security_policy_spec.rb
View File

@@ -274,7 +274,7 @@ describe ContentSecurityPolicy do
}
def theme_policy
policy([theme.id])
policy(theme.id)
end
it 'can be extended by themes' do
@@ -303,13 +303,23 @@ describe ContentSecurityPolicy do
theme.theme_modifier_set.csp_extensions = ["script-src: https://from-theme-flag.script", "worker-src: from-theme-flag.worker"]
theme.save!
child_theme = Fabricate(:theme, component: true)
theme.add_relative_theme!(:child, child_theme)
child_theme.theme_modifier_set.csp_extensions = ["script-src: https://child-theme-flag.script", "worker-src: child-theme-flag.worker"]
child_theme.save!
expect(parse(theme_policy)['script-src']).to include('https://from-theme-flag.script')
expect(parse(theme_policy)['script-src']).to include('https://child-theme-flag.script')
expect(parse(theme_policy)['worker-src']).to include('from-theme-flag.worker')
expect(parse(theme_policy)['worker-src']).to include('child-theme-flag.worker')
theme.destroy!
child_theme.destroy!
expect(parse(theme_policy)['script-src']).to_not include('https://from-theme-flag.script')
expect(parse(theme_policy)['worker-src']).to_not include('from-theme-flag.worker')
expect(parse(theme_policy)['worker-src']).to_not include('from-theme-flag.worker')
expect(parse(theme_policy)['worker-src']).to_not include('child-theme-flag.worker')
end
it 'is extended automatically when themes reference external scripts' do
@@ -352,7 +362,7 @@ describe ContentSecurityPolicy do
end.to_h
end
def policy(theme_ids = [], path_info: "/")
ContentSecurityPolicy.policy(theme_ids, path_info: path_info)
def policy(theme_id = nil, path_info: "/")
ContentSecurityPolicy.policy(theme_id, path_info: path_info)
end
end