4 Commits

Author	SHA1	Message	Date
Phil Pirozhkov	493d437e79	Add RSpec 4 compatibility (#17652) ... * Remove outdated option 04078317ba * Use the non-globally exposed RSpec syntax https://github.com/rspec/rspec-core/pull/2803 * Use the non-globally exposed RSpec syntax, cont https://github.com/rspec/rspec-core/pull/2803 * Comply to strict predicate matchers See: - https://github.com/rspec/rspec-expectations/pull/1195 - https://github.com/rspec/rspec-expectations/pull/1196 - https://github.com/rspec/rspec-expectations/pull/1277	2022-07-28 10:27:38 +08:00
David Taylor	c9dab6fd08	DEV: Automatically require 'rails_helper' in all specs (#16077) ... It's very easy to forget to add `require 'rails_helper'` at the top of every core/plugin spec file, and omissions can cause some very confusing/sporadic errors. By setting this flag in `.rspec`, we can remove the need for `require 'rails_helper'` entirely.	2022-03-01 17:50:50 +00:00
David Taylor	19814c5e81	FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) ... - Define the CSP based on the requested domain / scheme (respecting force_https) - Update EnforceHostname middleware to allow secondary domains, add specs - Add URL scheme to anon cache key so that CSP headers are cached correctly	2020-03-19 19:54:42 +00:00
Kyle Zhao	488fba3c5f	FEATURE: allow plugins and themes to extend the default CSP (#6704) ... * FEATURE: allow plugins and themes to extend the default CSP For plugins: ``` extend_content_security_policy( script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'], style_src: ['https://domain.com/style.css'] ) ``` For themes and components: ``` extend_content_security_policy: type: list default: "script_src:https://domain.com/|style_src:https://domain.com" ``` * clear CSP base url before each test we have a test that stubs `Rails.env.development?` to true * Only allow extending directives that core includes, for now	2018-11-30 09:51:45 -05:00