discourse/spec/requests/csp_reports_controller_spec.rb
Jarek Radosz 3f0e767106
DEV: Use FakeLogger in RequestTracker specs (#16640)
`TestLogger` was responsible for some flaky specs runs:

```
Error during failsafe response: undefined method `debug' for #<TestLogger:0x0000556c4b942cf0 @warnings=1>
Did you mean?  debugger
```

This commit also cleans up other uses of `FakeLogger`
2022-05-05 09:53:54 +08:00

57 lines
1.7 KiB
Ruby

# frozen_string_literal: true
describe CspReportsController do
describe '#create' do
before do
SiteSetting.content_security_policy = true
SiteSetting.content_security_policy_collect_reports = true
@orig_logger = Rails.logger
Rails.logger = @fake_logger = FakeLogger.new
end
after do
Rails.logger = @orig_logger
end
def send_report
post '/csp_reports', params: {
"csp-report": {
"document-uri": "http://localhost:3000/",
"referrer": "",
"violated-directive": "script-src",
"effective-directive": "script-src",
"original-policy": "script-src 'unsafe-eval' www.google-analytics.com; report-uri /csp_reports",
"disposition": "report",
"blocked-uri": "http://suspicio.us/assets.js",
"line-number": 25,
"source-file": "http://localhost:3000/",
"status-code": 200,
"script-sample": "console.log('unsafe')"
}
}.to_json, headers: { "Content-Type": "application/csp-report" }
end
it 'is enabled by SiteSetting' do
SiteSetting.content_security_policy = false
SiteSetting.content_security_policy_report_only = false
SiteSetting.content_security_policy_collect_reports = true
send_report
expect(response.status).to eq(200)
SiteSetting.content_security_policy = true
send_report
expect(response.status).to eq(200)
SiteSetting.content_security_policy_collect_reports = false
send_report
expect(response.status).to eq(404)
end
it 'logs the violation report' do
send_report
expect(@fake_logger.warnings).to include("CSP Violation: 'http://suspicio.us/assets.js' \n\nconsole.log('unsafe')")
end
end
end