Fix cypress by using new stage "TESTING"

Cypress did not work because of the stricter security header. We introduced a new stage named "TESTING" which ignores this security headers and allow testing tools to work as intended.

Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>

scm-core/src/main/java/sonia/scm/Stage.java

@@ -43,7 +43,13 @@ public enum Stage
   /**
    * This value indicates SCM-Manager is right now productive.
    */
-  PRODUCTION(com.google.inject.Stage.PRODUCTION);
+  PRODUCTION(com.google.inject.Stage.PRODUCTION),
+
+  /**
+   * This value indicates SCM-Manager is right now in development but specifically configured for testing.
+   * @since 2.47.0
+   */
+  TESTING(com.google.inject.Stage.DEVELOPMENT);
 
   /**
    * Constructs a new Stage

scm-ui/e2e-tests/cypress/integration/repository_code_filesearch_spec.ts

@@ -34,6 +34,7 @@ describe("Repository File Search", () => {
     // Create user and login
     username = hri.random();
     password = hri.random();
+    cy.restSetConfig({ enabledFileSearch: true });
     cy.restCreateUser(username, password);
     cy.restLogin(username, password);
 

scm-ui/e2e-tests/package.json

@@ -13,7 +13,7 @@
   },
   "dependencies": {
     "@ffmpeg-installer/ffmpeg": "^1.0.20",
-    "@scm-manager/integration-test-runner": "^3.3.0",
+    "@scm-manager/integration-test-runner": "^3.4.3",
     "fluent-ffmpeg": "^2.1.2"
   },
   "devDependencies": {
@@ -26,4 +26,4 @@
   "publishConfig": {
     "access": "public"
   }
-}
+}

scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java

@@ -25,8 +25,11 @@
 package sonia.scm.filter;
 
 import sonia.scm.Priority;
+import sonia.scm.SCMContextProvider;
+import sonia.scm.Stage;
 import sonia.scm.web.filter.HttpFilter;
 
+import javax.inject.Inject;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -36,47 +39,57 @@ import java.io.IOException;
 @Priority(7000)
 @WebElement("*")
 public class SecurityHeadersFilter extends HttpFilter {
+
+  private final SCMContextProvider contextProvider;
+
+  @Inject
+  public SecurityHeadersFilter(SCMContextProvider contextProvider) {
+    this.contextProvider = contextProvider;
+  }
+
   @Override
   protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
-    response.setHeader("X-Frame-Options", "deny");
+    if (contextProvider.getStage() != Stage.TESTING) {
-    response.setHeader("X-Content-Type-Options", "nosniff");
+      response.setHeader("X-Frame-Options", "deny");
-    response.setHeader("Content-Security-Policy",
+      response.setHeader("X-Content-Type-Options", "nosniff");
+      response.setHeader("Content-Security-Policy",
         "form-action 'self'; " +
-        "object-src 'none'; " +
+          "object-src 'none'; " +
-        "frame-ancestors 'none'; " +
+          "frame-ancestors 'none'; " +
-        "block-all-mixed-content"
+          "block-all-mixed-content"
-    );
+      );
-    response.setHeader("Permissions-Policy",
+      response.setHeader("Permissions-Policy",
-      "accelerometer=()," +
+        "accelerometer=()," +
-        "ambient-light-sensor=()," +
+          "ambient-light-sensor=()," +
-        "autoplay=()," +
+          "autoplay=()," +
-        "battery=()," +
+          "battery=()," +
-        "camera=()," +
+          "camera=()," +
-        "display-capture=()," +
+          "display-capture=()," +
-        "document-domain=()," +
+          "document-domain=()," +
-        "encrypted-media=()," +
+          "encrypted-media=()," +
-        "fullscreen=()," +
+          "fullscreen=()," +
-        "gamepad=()," +
+          "gamepad=()," +
-        "geolocation=()," +
+          "geolocation=()," +
-        "gyroscope=()," +
+          "gyroscope=()," +
-        "layout-animations=(self)," +
+          "layout-animations=(self)," +
-        "legacy-image-formats=(self)," +
+          "legacy-image-formats=(self)," +
-        "magnetometer=()," +
+          "magnetometer=()," +
-        "microphone=()," +
+          "microphone=()," +
-        "midi=()," +
+          "midi=()," +
-        "oversized-images=(self)," +
+          "oversized-images=(self)," +
-        "payment=()," +
+          "payment=()," +
-        "picture-in-picture=()," +
+          "picture-in-picture=()," +
-        "publickey-credentials-get=()," +
+          "publickey-credentials-get=()," +
-        "speaker-selection=()," +
+          "speaker-selection=()," +
-        "sync-xhr=(self)," +
+          "sync-xhr=(self)," +
-        "unoptimized-images=(self)," +
+          "unoptimized-images=(self)," +
-        "unsized-media=(self)," +
+          "unsized-media=(self)," +
-        "usb=()," +
+          "usb=()," +
-        "screen-wake-lock=()," +
+          "screen-wake-lock=()," +
-        "web-share=()," +
+          "web-share=()," +
-        "xr-spatial-tracking=()"
+          "xr-spatial-tracking=()"
-    );
+      );
+    }
     chain.doFilter(request, response);
   }
 }

yarn.lock

@@ -3091,10 +3091,10 @@
     eslint-plugin-react-hooks "^2.1.2"
     jest "^26.6.3"
 
-"@scm-manager/integration-test-runner@^3.3.0":
+"@scm-manager/integration-test-runner@^3.4.3":
-  version "3.4.1"
+  version "3.4.3"
-  resolved "https://registry.npmjs.org/@scm-manager/integration-test-runner/-/integration-test-runner-3.4.1.tgz"
+  resolved "https://registry.yarnpkg.com/@scm-manager/integration-test-runner/-/integration-test-runner-3.4.3.tgz#6a2e44f5c360fb1c40c3701cf9e8ddadd5031666"
-  integrity sha512-BiJ5h3ZEedqGcuymd+xLjJzd6x0Qpw2pHoHpJ1Rd7oEjs9Eny0yeI5b3ElRgI4E/ybHWs0o3s/wVQ2LE5pmw9Q==
+  integrity sha512-tA3B5iDAsNWQgXUiMhnrz7sX5dc0674R5Xb+Fch5kSysxMjwn5gMeDUIXA6j5S6OXsp8jlIj/y70m5foplO2WQ==
   dependencies:
     "@ffmpeg-installer/ffmpeg" "^1.0.20"
     "@octokit/rest" "^18.0.9"