Convert problematic embedded shopfronts feature spec into request spec

2026-01-24 20:36:49 +00:00 · 2017-09-02 09:58:56 +10:00
parent f9df4d4c93
commit 2ed5e144ca
2 changed files with 62 additions and 31 deletions
--- a/spec/features/consumer/shopping/embedded_shopfronts_spec.rb
+++ b/spec/features/consumer/shopping/embedded_shopfronts_spec.rb
@@ -9,37 +9,6 @@ feature "Using embedded shopfront functionality", js: true do

  Capybara.server_port = 9999

-  describe "enabling embedded shopfronts" do
-    before do
-      Spree::Config[:enable_embedded_shopfronts] = false
-    end
-
-    it "disables iframes by default" do
-      visit shops_path
-      expect(page.response_headers['X-Frame-Options']).to eq 'DENY'
-      expect(page.response_headers['Content-Security-Policy']).to eq "frame-ancestors 'none'"
-    end
-
-    it "allows iframes on certain pages when enabled in configuration" do
-      quick_login_as_admin
-
-      visit spree.edit_admin_general_settings_path
-
-      check 'enable_embedded_shopfronts'
-      fill_in 'embedded_shopfronts_whitelist', with: "test.com"
-
-      click_button 'Update'
-
-      visit shops_path
-      expect(page.response_headers['X-Frame-Options']).to be_nil
-      expect(page.response_headers['Content-Security-Policy']).to eq "frame-ancestors test.com"
-
-      visit spree.admin_path
-      expect(page.response_headers['X-Frame-Options']).to eq 'DENY'
-      expect(page.response_headers['Content-Security-Policy']).to eq "frame-ancestors 'none'"
-    end
-  end
-
  describe "using iframes" do
    let(:distributor) { create(:distributor_enterprise, name: 'My Embedded Hub', permalink: 'test_enterprise', with_payment_and_shipping: true) }
    let(:supplier) { create(:supplier_enterprise) }
--- a/spec/requests/embedded_shopfronts_headers_spec.rb
+++ b/spec/requests/embedded_shopfronts_headers_spec.rb
@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+describe "setting response headers for embedded shopfronts", type: :request do
+  include AuthenticationWorkflow
+
+  let(:enterprise) { create(:distributor_enterprise) }
+  let(:user) { enterprise.owner }
+
+  before do
+    quick_login_as(user)
+  end
+
+  context "with embedded shopfront disabled" do
+    before do
+      Spree::Config[:enable_embedded_shopfronts] = false
+    end
+
+    it "disables iframes by default" do
+      get shops_path
+      expect(response.status).to be 200
+      expect(response.headers['X-Frame-Options']).to eq 'DENY'
+      expect(response.headers['Content-Security-Policy']).to eq "frame-ancestors 'none'"
+    end
+  end
+
+  context "with embedded shopfronts enabled" do
+    before do
+      Spree::Config[:enable_embedded_shopfronts] = true
+    end
+
+    context "but no whitelist" do
+      before do
+        Spree::Config[:embedded_shopfronts_whitelist] = ""
+      end
+
+      it "disables iframes" do
+        get shops_path
+        expect(response.status).to be 200
+        expect(response.headers['X-Frame-Options']).to eq 'DENY'
+        expect(response.headers['Content-Security-Policy']).to eq "frame-ancestors 'none'"
+      end
+    end
+
+    context "with a valid whitelist" do
+      before do
+        Spree::Config[:embedded_shopfronts_whitelist] = "test.com"
+      end
+
+      it "allows iframes on certain pages when enabled in configuration" do
+        get shops_path
+        expect(response.status).to be 200
+        expect(response.headers['X-Frame-Options']).to be_nil
+        expect(response.headers['Content-Security-Policy']).to eq "frame-ancestors test.com"
+
+        get spree.admin_path
+        expect(response.status).to be 200
+        expect(response.headers['X-Frame-Options']).to eq 'DENY'
+        expect(response.headers['Content-Security-Policy']).to eq "frame-ancestors 'none'"
+      end
+    end
+  end
+end