Fix cypress by using new stage "TESTING"

Cypress did not work because of the stricter security header. We introduced a new stage named "TESTING" which ignores this security headers and allow testing tools to work as intended. Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2025-11-15 09:46:16 +01:00 · 2023-09-08 15:19:54 +02:00
parent 8352cf349c
commit 93a23466ff
5 changed files with 65 additions and 45 deletions
--- a/scm-core/src/main/java/sonia/scm/Stage.java
+++ b/scm-core/src/main/java/sonia/scm/Stage.java
@@ -43,7 +43,13 @@ public enum Stage
  /**
   * This value indicates SCM-Manager is right now productive.
   */
-  PRODUCTION(com.google.inject.Stage.PRODUCTION);
+  PRODUCTION(com.google.inject.Stage.PRODUCTION),
+
+  /**
+   * This value indicates SCM-Manager is right now in development but specifically configured for testing.
+   * @since 2.47.0
+   */
+  TESTING(com.google.inject.Stage.DEVELOPMENT);

  /**
   * Constructs a new Stage
--- a/scm-ui/e2e-tests/cypress/integration/repository_code_filesearch_spec.ts
+++ b/scm-ui/e2e-tests/cypress/integration/repository_code_filesearch_spec.ts
@@ -34,6 +34,7 @@ describe("Repository File Search", () => {
    // Create user and login
    username = hri.random();
    password = hri.random();
+    cy.restSetConfig({ enabledFileSearch: true });
    cy.restCreateUser(username, password);
    cy.restLogin(username, password);

--- a/scm-ui/e2e-tests/package.json
+++ b/scm-ui/e2e-tests/package.json
@@ -13,7 +13,7 @@
  },
  "dependencies": {
    "@ffmpeg-installer/ffmpeg": "^1.0.20",
-    "@scm-manager/integration-test-runner": "^3.3.0",
+    "@scm-manager/integration-test-runner": "^3.4.3",
    "fluent-ffmpeg": "^2.1.2"
  },
  "devDependencies": {
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
@@ -25,8 +25,11 @@
 package sonia.scm.filter;

 import sonia.scm.Priority;
+import sonia.scm.SCMContextProvider;
+import sonia.scm.Stage;
 import sonia.scm.web.filter.HttpFilter;

+import javax.inject.Inject;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -36,8 +39,17 @@ import java.io.IOException;
@Priority(7000)
@WebElement("*")
 public class SecurityHeadersFilter extends HttpFilter {
+
+  private final SCMContextProvider contextProvider;
+
+  @Inject
+  public SecurityHeadersFilter(SCMContextProvider contextProvider) {
+    this.contextProvider = contextProvider;
+  }
+
  @Override
  protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+    if (contextProvider.getStage() != Stage.TESTING) {
      response.setHeader("X-Frame-Options", "deny");
      response.setHeader("X-Content-Type-Options", "nosniff");
      response.setHeader("Content-Security-Policy",
@@ -77,6 +89,7 @@ public class SecurityHeadersFilter extends HttpFilter {
          "web-share=()," +
          "xr-spatial-tracking=()"
      );
+    }
    chain.doFilter(request, response);
  }
 }
--- a/yarn.lock
+++ b/yarn.lock
@@ -3091,10 +3091,10 @@
    eslint-plugin-react-hooks "^2.1.2"
    jest "^26.6.3"

-"@scm-manager/integration-test-runner@^3.3.0":
-  version "3.4.1"
-  resolved "https://registry.npmjs.org/@scm-manager/integration-test-runner/-/integration-test-runner-3.4.1.tgz"
-  integrity sha512-BiJ5h3ZEedqGcuymd+xLjJzd6x0Qpw2pHoHpJ1Rd7oEjs9Eny0yeI5b3ElRgI4E/ybHWs0o3s/wVQ2LE5pmw9Q==
+"@scm-manager/integration-test-runner@^3.4.3":
+  version "3.4.3"
+  resolved "https://registry.yarnpkg.com/@scm-manager/integration-test-runner/-/integration-test-runner-3.4.3.tgz#6a2e44f5c360fb1c40c3701cf9e8ddadd5031666"
+  integrity sha512-tA3B5iDAsNWQgXUiMhnrz7sX5dc0674R5Xb+Fch5kSysxMjwn5gMeDUIXA6j5S6OXsp8jlIj/y70m5foplO2WQ==
  dependencies:
    "@ffmpeg-installer/ffmpeg" "^1.0.20"
    "@octokit/rest" "^18.0.9"