From 24da3631db675a05254f658d3a0d9bbdc703d188 Mon Sep 17 00:00:00 2001 From: Sawjan Gurung Date: Wed, 7 Feb 2024 17:44:55 +0545 Subject: [PATCH] [tests-only] API test coverage content-disposition header with filename having quotes (#8390) * extend content-disposition tests * extend content-disposition tests --- .../downloadFile.feature | 46 +++++++++++++++---- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature index e60e23898..a028ceada 100644 --- a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature +++ b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature 
@@ -280,17 +280,47 @@ Feature: download file | X-XSS-Protection | 1; mode=block | And the downloaded content should be "test file" Examples: - | dav-path-version | file | - | old | textfile.txt | - | old | comma,.txt | - | new | textfile.txt | - | new | comma,.txt | + | dav-path-version | file | + | old | textfile.txt | + | old | comma,.txt | + | old | 'quote'single'.txt | + | new | textfile.txt | + | new | comma,.txt | + | new | 'quote'single'.txt | @skipOnRevaMaster Examples: - | dav-path-version | file | - | spaces | textfile.txt | - | spaces | comma,.txt | + | dav-path-version | file | + | spaces | textfile.txt | + | spaces | comma,.txt | + | spaces | 'quote'single'.txt | + + @smokeTest @issue-8361 + Scenario Outline: downloading a file should serve security headers (file with doubel quotes) + Given using DAV path + And user "Alice" has uploaded file with content "test file" to '/"quote"double".txt' + When user "Alice" downloads file '/"quote"double".txt' using the WebDAV API + Then the HTTP status code should be "200" + And the following headers should be set + | header | value | + | Content-Disposition | attachment; filename*=UTF-8''""quote"double".txt"; filename=""quote"double".txt" | + | Content-Security-Policy | default-src 'none'; | + | X-Content-Type-Options | nosniff | + | X-Download-Options | noopen | + | X-Frame-Options | SAMEORIGIN | + | X-Permitted-Cross-Domain-Policies | none | + | X-Robots-Tag | none | + | X-XSS-Protection | 1; mode=block | + And the downloaded content should be "test file" + Examples: + | dav-path-version | + | old | + | new | + + @skipOnRevaMaster + Examples: + | dav-path-version | + | spaces | Scenario: download a zero byte size file
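
Review bot: The expected `Content-Disposition` value in the new double-quotes scenario pins a header that is not well-formed under RFC 6266. `filename=""quote"double".txt"` leaves the inner `"` characters unescaped inside a quoted-string, and `filename*=UTF-8''""quote"double".txt"` carries raw `"` characters in an ext-value, where they would have to be percent-encoded as `%22` and the value not wrapped in quotes. A client that parses the header strictly may read the filename as empty or truncated. If the scenario records the current behaviour tracked under `@issue-8361`, add a comment above it saying so, so the assertion is not read as the desired output, and change the expected value once the server escapes the name (for example `filename="\"quote\"double\".txt"` together with a percent-encoded `filename*`). The scenario title also has a typo: "doubel quotes" should be "double quotes".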