Merge pull request #8378 from owncloud/tests/coverage-Content-Disposition

[tests-only] extend API test coverage for content-disposition header
2026-01-07 04:40:05 -06:00 · 2024-02-07 13:42:21 +05:45
parent 3c8db1ae72 fc5a8f967b
commit a2a9b106f8
1 changed files with 21 additions and 17 deletions
--- a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature
+++ b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature
@@ -262,31 +262,35 @@ Feature: download file
      | dav-path-version |
      | spaces           |

-  @smokeTest
+  @smokeTest @issue-8361
  Scenario Outline: downloading a file should serve security headers
    Given using <dav-path-version> DAV path
-    When user "Alice" downloads file "/welcome.txt" using the WebDAV API
+    And user "Alice" has uploaded file with content "test file" to "/<file>"
+    When user "Alice" downloads file "/<file>" using the WebDAV API
    Then the HTTP status code should be "200"
    And the following headers should be set
-      | header                            | value                                                            |
-      | Content-Disposition               | attachment; filename*=UTF-8''"welcome.txt"; filename="welcome.txt" |
-      | Content-Security-Policy           | default-src 'none';                                              |
-      | X-Content-Type-Options            | nosniff                                                          |
-      | X-Download-Options                | noopen                                                           |
-      | X-Frame-Options                   | SAMEORIGIN                                                       |
-      | X-Permitted-Cross-Domain-Policies | none                                                             |
-      | X-Robots-Tag                      | none                                                             |
-      | X-XSS-Protection                  | 1; mode=block                                                    |
-    And the downloaded content should start with "Welcome"
+      | header                            | value                                                    |
+      | Content-Disposition               | attachment; filename*=UTF-8''"<file>"; filename="<file>" |
+      | Content-Security-Policy           | default-src 'none';                                      |
+      | X-Content-Type-Options            | nosniff                                                  |
+      | X-Download-Options                | noopen                                                   |
+      | X-Frame-Options                   | SAMEORIGIN                                               |
+      | X-Permitted-Cross-Domain-Policies | none                                                     |
+      | X-Robots-Tag                      | none                                                     |
+      | X-XSS-Protection                  | 1; mode=block                                            |
+    And the downloaded content should be "test file"
    Examples:
-      | dav-path-version |
-      | old              |
-      | new              |
+      | dav-path-version | file         |
+      | old              | textfile.txt |
+      | old              | comma,.txt   |
+      | new              | textfile.txt |
+      | new              | comma,.txt   |

    @skipOnRevaMaster
    Examples:
-      | dav-path-version |
-      | spaces           |
+      | dav-path-version | file         |
+      | spaces           | textfile.txt |
+      | spaces           | comma,.txt   |


  Scenario: download a zero byte size file