@@ -22,6 +22,10 class AttachmentsController < ApplicationController | |||
|
22 | 22 | before_action :delete_authorize, :only => :destroy |
|
23 | 23 | before_action :authorize_global, :only => :upload |
|
24 | 24 | |
|
25 | # Disable check for same origin requests for JS files, i.e. attachments with | |
|
26 | # MIME type text/javascript. | |
|
27 | skip_after_filter :verify_same_origin_request, :only => :download | |
|
28 | ||
|
25 | 29 | accept_api_auth :show, :download, :thumbnail, :upload, :destroy |
|
26 | 30 | |
|
27 | 31 | def show |
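Review bot: The added `skip_after_filter :verify_same_origin_request, :only => :download` turns the cross-origin JavaScript check off for the whole `download` action, and the comment above it does not say what is given up: attachments are user-supplied, and a script-typed one can then be pulled in by a `<script>` tag on another origin with the viewer's session. I would record that in the comment, e.g. `# Trade-off: script-typed attachments are no longer protected against cross-origin inclusion.` A narrower option is to keep the check and serve script-typed attachments with a non-executable type such as `text/plain`; that depends on the `download` body, which lies outside this hunk. The neighbouring callbacks use `before_action`, so `skip_after_action :verify_same_origin_request, :only => :download` would match the file's style.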
@@ -252,6 +252,19 class AttachmentsControllerTest < Redmine::ControllerTest | |||
|
252 | 252 | set_tmp_attachments_directory |
|
253 | 253 | end |
|
254 | 254 | |
|
255 | def test_download_js_file | |
|
256 | set_tmp_attachments_directory | |
|
257 | attachment = Attachment.create!( | |
|
258 | :file => mock_file_with_options(:original_filename => "hello.js", :content_type => "text/javascript"), | |
|
259 | :author_id => 2, | |
|
260 | :container => Issue.find(1) | |
|
261 | ) | |
|
262 | ||
|
263 | get :download, :id => attachment.id | |
|
264 | assert_response :success | |
|
265 | assert_equal 'text/javascript', @response.content_type | |
|
266 | end | |
|
267 | ||
|
255 | 268 | def test_download_version_file_with_issue_tracking_disabled |
|
256 | 269 | Project.find(1).disable_module! :issue_tracking |
|
257 | 270 | get :download, :id => 9 |
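Review bot: `test_download_js_file` asserts only the response status and the `text/javascript` content type, so nothing in it says which behaviour it guards. A comment above the `get` would tie it to the controller change, e.g. `# Non-XHR GET of a script-typed attachment must not be rejected by verify_same_origin_request`. It is also worth confirming that the test fails without the controller change, because this hunk does not show whether the same-origin check is active in the test environment. If it is not, the test passes either way and does not pin the fix.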