// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"net/http"
"testing"
"github.com/stretchr/testify/assert"
)
// TestDownloadByID fetches a blob by object ID through the raw endpoint as a
// logged-in user and checks that the response body matches the expected
// file content exactly.
func TestDownloadByID(t *testing.T) {
	cleanup := prepareTestEnv(t)
	defer cleanup()

	const blobURL = "/user2/repo1/raw/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f"

	userSession := loginUser(t, "user2")
	// http.StatusOK is handed to MakeRequest as the expected status;
	// presumably the helper fails the test on any other code.
	rec := userSession.MakeRequest(t, NewRequest(t, "GET", blobURL), http.StatusOK)

	assert.Equal(t, "# repo1\n\nDescription for repo1", rec.Body.String())
}
// TestDownloadByIDForSVGUsesSecureHeaders requests a blob through the raw
// endpoint and pins the headers that are expected to accompany an SVG
// response. SVG is repository-controlled content that a browser can render
// as an active document, so the test requires a Content-Security-Policy that
// denies every source by default and sandboxes the document, together with
// "nosniff" so the declared type is not second-guessed by the browser.
//
// The policy is compared as an exact string: any change to it, tightening
// included, has to be reflected here deliberately.
func TestDownloadByIDForSVGUsesSecureHeaders(t *testing.T) {
	cleanup := prepareTestEnv(t)
	defer cleanup()

	userSession := loginUser(t, "user2")
	svgReq := NewRequest(t, "GET", "/user2/repo2/raw/blob/6395b68e1feebb1e4c657b4f9f6ba2676a283c0b")
	rec := userSession.MakeRequest(t, svgReq, http.StatusOK)

	// A slice (not a map) keeps the assertions in a fixed order.
	expected := []struct{ header, value string }{
		{"Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox"},
		{"Content-Type", "image/svg+xml"},
		{"X-Content-Type-Options", "nosniff"},
	}
	// NOTE(review): if rec is an *httptest.ResponseRecorder, HeaderMap is
	// deprecated; Result().Header reports the headers as they were at
	// write time. Confirm the type before switching.
	for _, e := range expected {
		assert.Equal(t, e.value, rec.HeaderMap.Get(e.header))
	}
}
// TestDownloadByIDMedia fetches a blob by object ID through the media
// endpoint as a logged-in user and checks that the response body matches
// the expected file content exactly.
func TestDownloadByIDMedia(t *testing.T) {
	cleanup := prepareTestEnv(t)
	defer cleanup()

	const blobURL = "/user2/repo1/media/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f"

	userSession := loginUser(t, "user2")
	// Same blob ID as the raw-endpoint test, requested via /media/ instead.
	rec := userSession.MakeRequest(t, NewRequest(t, "GET", blobURL), http.StatusOK)

	assert.Equal(t, "# repo1\n\nDescription for repo1", rec.Body.String())
}
// TestDownloadByIDMediaForSVGUsesSecureHeaders requests a blob through the
// media endpoint and pins the headers that are expected to accompany an SVG
// response: a Content-Security-Policy that denies every source by default
// and sandboxes the document, the image/svg+xml content type, and "nosniff".
// Repository-controlled SVG can be rendered by a browser as an active
// document, which is why these headers are asserted on this endpoint as
// well as on the raw one.
//
// The policy is compared as an exact string: any change to it, tightening
// included, has to be reflected here deliberately.
func TestDownloadByIDMediaForSVGUsesSecureHeaders(t *testing.T) {
	cleanup := prepareTestEnv(t)
	defer cleanup()

	userSession := loginUser(t, "user2")
	svgReq := NewRequest(t, "GET", "/user2/repo2/media/blob/6395b68e1feebb1e4c657b4f9f6ba2676a283c0b")
	rec := userSession.MakeRequest(t, svgReq, http.StatusOK)

	// A slice (not a map) keeps the assertions in a fixed order.
	expected := []struct{ header, value string }{
		{"Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox"},
		{"Content-Type", "image/svg+xml"},
		{"X-Content-Type-Options", "nosniff"},
	}
	// NOTE(review): if rec is an *httptest.ResponseRecorder, HeaderMap is
	// deprecated; Result().Header reports the headers as they were at
	// write time. Confirm the type before switching.
	for _, e := range expected {
		assert.Equal(t, e.value, rec.HeaderMap.Get(e.header))
	}
}