Replace whitelist with allowlist in specs

8d40556a · dcouture · 29399b2e · 8d40556a · 8d40556a · 8d40556a
Commit 8d40556a authored Oct 27, 2021 by dcouture
4 changed files
--- a/spec/features/ide/clientside_preview_csp_spec.rb
+++ b/spec/features/ide/clientside_preview_csp_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe 'IDE Clientside Preview CSP' do
  end

  it_behaves_like 'setting CSP', 'frame-src' do
-    let(:whitelisted_url) { 'https://sandbox.gitlab-static.test' }
+    let(:allowlisted_url) { 'https://sandbox.gitlab-static.test' }
    let(:extended_controller_class) { IdeController }

    subject do
@@ -23,7 +23,7 @@ RSpec.describe 'IDE Clientside Preview CSP' do

    before do
      stub_application_setting(web_ide_clientside_preview_enabled: true)
-      stub_application_setting(web_ide_clientside_preview_bundler_url: whitelisted_url)
+      stub_application_setting(web_ide_clientside_preview_bundler_url: allowlisted_url)

      sign_in(user)
    end

--- a/spec/features/ide/static_object_external_storage_csp_spec.rb
+++ b/spec/features/ide/static_object_external_storage_csp_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe 'Static Object External Storage Content Security Policy' do
  end

  it_behaves_like 'setting CSP', 'connect-src' do
-    let_it_be(:whitelisted_url) { 'https://static-objects.test' }
+    let_it_be(:allowlisted_url) { 'https://static-objects.test' }
    let_it_be(:extended_controller_class) { IdeController }

    subject do
@@ -22,7 +22,7 @@ RSpec.describe 'Static Object External Storage Content Security Policy' do
    end

    before do
-      allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_url).and_return(whitelisted_url)
+      allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_url).and_return(allowlisted_url)
      allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_auth_token).and_return('letmein')

      sign_in(user)

--- a/spec/features/projects/sourcegraph_csp_spec.rb
+++ b/spec/features/projects/sourcegraph_csp_spec.rb
@@ -13,7 +13,8 @@ RSpec.describe 'Sourcegraph Content Security Policy' do
  end

  it_behaves_like 'setting CSP', 'connect-src' do
-    let_it_be(:whitelisted_url) { 'https://sourcegraph.test' }
+    let_it_be(:sourcegraph_url) { 'https://sourcegraph.test' }
+    let_it_be(:allowlisted_url) { "#{sourcegraph_url}/.api/" }
    let_it_be(:extended_controller_class) { Projects::BlobController }

    subject do
@@ -23,7 +24,7 @@ RSpec.describe 'Sourcegraph Content Security Policy' do
    end

    before do
-      allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(whitelisted_url)
+      allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(sourcegraph_url)
      allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(true)

      sign_in(user)

--- a/spec/support/shared_examples/csp.rb
+++ b/spec/support/shared_examples/csp.rb
@@ -28,7 +28,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|

    context 'when feature is enabled' do
      it "appends to #{rule_name}" do
-        is_expected.to eql("#{rule_name} #{default_csp_values} #{whitelisted_url}")
+        is_expected.to eql("#{rule_name} #{default_csp_values} #{allowlisted_url}")
      end
    end

@@ -46,7 +46,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|

    context 'when feature is enabled' do
      it "uses default-src values in #{rule_name}" do
-        is_expected.to eql("default-src #{default_csp_values}; #{rule_name} #{default_csp_values} #{whitelisted_url}")
+        is_expected.to eql("default-src #{default_csp_values}; #{rule_name} #{default_csp_values} #{allowlisted_url}")
      end
    end

@@ -64,7 +64,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|

    context 'when feature is enabled' do
      it "uses default-src values in #{rule_name}" do
-        is_expected.to eql("font-src #{default_csp_values}; #{rule_name} #{whitelisted_url}")
+        is_expected.to eql("font-src #{default_csp_values}; #{rule_name} #{allowlisted_url}")
      end
    end