[tests-only] API test coverage content-disposition header with filename having quotes (#8390)

* extend content-dispostion tests * extend content-dispostion tests
2026-01-07 04:40:05 -06:00 · 2024-02-07 17:44:55 +05:45
parent 3860301fdc
commit 24da3631db
1 changed files with 38 additions and 8 deletions
--- a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature
+++ b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature
@@ -280,17 +280,47 @@ Feature: download file
      | X-XSS-Protection                  | 1; mode=block                                            |
    And the downloaded content should be "test file"
    Examples:
-      | dav-path-version | file         |
-      | old              | textfile.txt |
-      | old              | comma,.txt   |
-      | new              | textfile.txt |
-      | new              | comma,.txt   |
+      | dav-path-version | file               |
+      | old              | textfile.txt       |
+      | old              | comma,.txt         |
+      | old              | 'quote'single'.txt |
+      | new              | textfile.txt       |
+      | new              | comma,.txt         |
+      | new              | 'quote'single'.txt |

    @skipOnRevaMaster
    Examples:
-      | dav-path-version | file         |
-      | spaces           | textfile.txt |
-      | spaces           | comma,.txt   |
+      | dav-path-version | file               |
+      | spaces           | textfile.txt       |
+      | spaces           | comma,.txt         |
+      | spaces           | 'quote'single'.txt |
+
+  @smokeTest @issue-8361
+  Scenario Outline: downloading a file should serve security headers (file with doubel quotes)
+    Given using <dav-path-version> DAV path
+    And user "Alice" has uploaded file with content "test file" to '/"quote"double".txt'
+    When user "Alice" downloads file '/"quote"double".txt' using the WebDAV API
+    Then the HTTP status code should be "200"
+    And the following headers should be set
+      | header                            | value                                                                            |
+      | Content-Disposition               | attachment; filename*=UTF-8''""quote"double".txt"; filename=""quote"double".txt" |
+      | Content-Security-Policy           | default-src 'none';                                                              |
+      | X-Content-Type-Options            | nosniff                                                                          |
+      | X-Download-Options                | noopen                                                                           |
+      | X-Frame-Options                   | SAMEORIGIN                                                                       |
+      | X-Permitted-Cross-Domain-Policies | none                                                                             |
+      | X-Robots-Tag                      | none                                                                             |
+      | X-XSS-Protection                  | 1; mode=block                                                                    |
+    And the downloaded content should be "test file"
+    Examples:
+      | dav-path-version |
+      | old              |
+      | new              |
+
+    @skipOnRevaMaster
+    Examples:
+      | dav-path-version |
+      | spaces           |


  Scenario: download a zero byte size file