| @@ -22,6 +22,10 class AttachmentsController < ApplicationController | |||||
| 22 | before_action :delete_authorize, :only => :destroy |
|
22 | before_action :delete_authorize, :only => :destroy | |
| 23 | before_action :authorize_global, :only => :upload |
|
23 | before_action :authorize_global, :only => :upload | |
| 24 |
|
24 | |||
|
|
25 | # Disable check for same origin requests for JS files, i.e. attachments with | |||
|
|
26 | # MIME type text/javascript. | |||
|
|
27 | skip_after_filter :verify_same_origin_request, :only => :download | |||
|
|
28 | ||||
| 25 | accept_api_auth :show, :download, :thumbnail, :upload, :destroy |
|
29 | accept_api_auth :show, :download, :thumbnail, :upload, :destroy | |
| 26 |
|
30 | |||
| 27 | def show |
|
31 | def show | |
| @@ -252,6 +252,19 class AttachmentsControllerTest < Redmine::ControllerTest | |||||
| 252 | set_tmp_attachments_directory |
|
252 | set_tmp_attachments_directory | |
| 253 | end |
|
253 | end | |
| 254 |
|
254 | |||
|
|
255 | def test_download_js_file | |||
|
|
256 | set_tmp_attachments_directory | |||
|
|
257 | attachment = Attachment.create!( | |||
|
|
258 | :file => mock_file_with_options(:original_filename => "hello.js", :content_type => "text/javascript"), | |||
|
|
259 | :author_id => 2, | |||
|
|
260 | :container => Issue.find(1) | |||
|
|
261 | ) | |||
|
|
262 | ||||
|
|
263 | get :download, :id => attachment.id | |||
|
|
264 | assert_response :success | |||
|
|
265 | assert_equal 'text/javascript', @response.content_type | |||
|
|
266 | end | |||
|
|
267 | ||||
| 255 | def test_download_version_file_with_issue_tracking_disabled |
|
268 | def test_download_version_file_with_issue_tracking_disabled | |
| 256 | Project.find(1).disable_module! :issue_tracking |
|
269 | Project.find(1).disable_module! :issue_tracking | |
| 257 | get :download, :id => 9 |
|
270 | get :download, :id => 9 | |
General Comments 0
You need to be logged in to leave comments.
Login now