@@ -22,6 +22,10 class AttachmentsController < ApplicationController | |||||
22 | before_filter :delete_authorize, :only => :destroy |
|
22 | before_filter :delete_authorize, :only => :destroy | |
23 | before_filter :authorize_global, :only => :upload |
|
23 | before_filter :authorize_global, :only => :upload | |
24 |
|
24 | |||
|
25 | # Disable check for same origin requests for JS files, i.e. attachments with | |||
|
26 | # MIME type text/javascript. | |||
|
27 | skip_after_filter :verify_same_origin_request, :only => :download | |||
|
28 | ||||
25 | accept_api_auth :show, :download, :thumbnail, :upload, :destroy |
|
29 | accept_api_auth :show, :download, :thumbnail, :upload, :destroy | |
26 |
|
30 | |||
27 | def show |
|
31 | def show |
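Review bot: `skip_after_filter :verify_same_origin_request, :only => :download` removes the cross-origin script check from every download response, while the comment above it reads as if only text/javascript attachments were affected. After this change a private attachment served as JavaScript is protected only by whatever filter authorizes `download` (not visible in this hunk), and session-based access would presumably let another site reference it as a script. I would state that trade-off in the comment, e.g. `# Applies to all downloads; attachments are user data, so access control is the only guard here.`, and consider serving script attachments with a non-executable content type instead of dropping the check. The class body continues outside the hunk.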
@@ -258,6 +258,19 class AttachmentsControllerTest < ActionController::TestCase | |||||
258 | set_tmp_attachments_directory |
|
258 | set_tmp_attachments_directory | |
259 | end |
|
259 | end | |
260 |
|
260 | |||
|
261 | def test_download_js_file | |||
|
262 | set_tmp_attachments_directory | |||
|
263 | attachment = Attachment.create!( | |||
|
264 | :file => mock_file_with_options(:original_filename => "hello.js", :content_type => "text/javascript"), | |||
|
265 | :author_id => 2, | |||
|
266 | :container => Issue.find(1) | |||
|
267 | ) | |||
|
268 | ||||
|
269 | get :download, :id => attachment.id | |||
|
270 | assert_response :success | |||
|
271 | assert_equal 'text/javascript', @response.content_type | |||
|
272 | end | |||
|
273 | ||||
261 | def test_download_version_file_with_issue_tracking_disabled |
|
274 | def test_download_version_file_with_issue_tracking_disabled | |
262 | Project.find(1).disable_module! :issue_tracking |
|
275 | Project.find(1).disable_module! :issue_tracking | |
263 | get :download, :id => 9 |
|
276 | get :download, :id => 9 |
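Review bot: `test_download_js_file` pins only the status and the content type, so it would still pass if the JS attachment started being rendered inline in the application's origin. Since the same-origin check is now skipped for downloads, I would also assert how the file is delivered, for instance `assert_match /attachment/, @response.headers['Content-Disposition']`, provided `download` is expected to send it that way (the controller action is not shown here). A second case that requests a JS attachment on a container the current user cannot view and expects a denial would pin the access check that now carries the protection.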