Merge remote-tracking branch 'parent/main' into upstream-20231116

2023-11-15 13:01:29 +09:00 · 2023-11-15 13:01:29 +09:00 · 24371d6b2a
commit 24371d6b2a
parent f5d01909ab 998f068499
87 changed files with 566 additions and 347 deletions
--- a/spec/requests/api/v1/accounts/relationships_spec.rb
+++ b/spec/requests/api/v1/accounts/relationships_spec.rb
@ -102,17 +102,25 @@ describe 'GET /api/v1/accounts/relationships' do
      end
    end

-    it 'returns JSON with correct data on cached requests too' do
-      subject
-      subject
+    it 'returns JSON with correct data on previously cached requests' do
+      # Initial request including multiple accounts in params
+      get '/api/v1/accounts/relationships', headers: headers, params: { id: [simon.id, lewis.id] }
+      expect(body_as_json.size).to eq(2)
+
+      # Subsequent request with different id, should override cache from first request
+      get '/api/v1/accounts/relationships', headers: headers, params: { id: [simon.id] }

      expect(response).to have_http_status(200)

-      json = body_as_json
-
-      expect(json).to be_a Enumerable
-      expect(json.first[:following]).to be true
-      expect(json.first[:showing_reblogs]).to be true
+      expect(body_as_json)
+        .to be_an(Enumerable)
+        .and have_attributes(
+          size: 1,
+          first: hash_including(
+            following: true,
+            showing_reblogs: true
+          )
+        )
    end

    it 'returns JSON with correct data after change too' do
--- a/spec/requests/api/v1/csp_spec.rb
+++ b/spec/requests/api/v1/csp_spec.rb
@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'API namespace minimal Content-Security-Policy' do
+  before { stub_tests_controller }
+
+  after { Rails.application.reload_routes! }
+
+  it 'returns the correct CSP headers' do
+    get '/api/v1/tests'
+
+    expect(response).to have_http_status(200)
+    expect(response.headers['Content-Security-Policy']).to eq(minimal_csp_headers)
+  end
+
+  private
+
+  def stub_tests_controller
+    stub_const('Api::V1::TestsController', api_tests_controller)
+
+    Rails.application.routes.draw do
+      get '/api/v1/tests', to: 'api/v1/tests#index'
+    end
+  end
+
+  def api_tests_controller
+    Class.new(Api::BaseController) do
+      def index
+        head 200
+      end
+
+      private
+
+      def user_signed_in? = false
+      def current_user = nil
+    end
+  end
+
+  def minimal_csp_headers
+    "default-src 'none'; frame-ancestors 'none'; form-action 'none'"
+  end
+end