diff --git a/scm-core/src/main/java/sonia/scm/Stage.java b/scm-core/src/main/java/sonia/scm/Stage.java
index 5c752f5620..eb4ab3dbec 100644
--- a/scm-core/src/main/java/sonia/scm/Stage.java
+++ b/scm-core/src/main/java/sonia/scm/Stage.java
@@ -43,7 +43,13 @@ public enum Stage
 /**
 * This value indicates SCM-Manager is right now productive.
 */
- PRODUCTION(com.google.inject.Stage.PRODUCTION);
+ PRODUCTION(com.google.inject.Stage.PRODUCTION),
+
+ /**
+ * This value indicates SCM-Manager is right now in development but specifically configured for testing.
+ * @since 2.47.0
+ */
+ TESTING(com.google.inject.Stage.DEVELOPMENT);
 /**
 * Constructs a new Stage
diff --git a/scm-ui/e2e-tests/cypress/integration/repository_code_filesearch_spec.ts b/scm-ui/e2e-tests/cypress/integration/repository_code_filesearch_spec.ts
index a4cc43c60d..4543956dc4 100644
--- a/scm-ui/e2e-tests/cypress/integration/repository_code_filesearch_spec.ts
+++ b/scm-ui/e2e-tests/cypress/integration/repository_code_filesearch_spec.ts
@@ -34,6 +34,7 @@ describe("Repository File Search", () => {
 // Create user and login
 username = hri.random();
 password = hri.random();
+ cy.restSetConfig({ enabledFileSearch: true });
 cy.restCreateUser(username, password);
 cy.restLogin(username, password);
diff --git a/scm-ui/e2e-tests/package.json b/scm-ui/e2e-tests/package.json
index e839c45305..0ea4ebe3bb 100644
--- a/scm-ui/e2e-tests/package.json
+++ b/scm-ui/e2e-tests/package.json
@@ -13,7 +13,7 @@
 },
 "dependencies": {
 "@ffmpeg-installer/ffmpeg": "^1.0.20",
- "@scm-manager/integration-test-runner": "^3.3.0",
+ "@scm-manager/integration-test-runner": "^3.4.3",
 "fluent-ffmpeg": "^2.1.2"
 },
 "devDependencies": {
@@ -26,4 +26,4 @@
 "publishConfig": {
 "access": "public"
 }
-}
\ No newline at end of file
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java b/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
index ba348b67f6..652aa78361 100644
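Review bot: The Javadoc on the new `TESTING` constant only says the stage is "configured for testing" and does not tell the reader that other components treat it as a trusted environment; in this same commit `SecurityHeadersFilter` stops sending X-Frame-Options, X-Content-Type-Options, Content-Security-Policy and Permissions-Policy whenever `getStage()` returns `TESTING`. Someone selecting the stage from this enum alone cannot see that it weakens the response hardening of every page. Add a sentence such as ` * Components may relax security protections in this stage (for example, response security headers are not sent); it is not meant for an instance reachable by untrusted clients.` to the Javadoc. The enum body continues outside the hunk.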
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
@@ -25,8 +25,11 @@ package sonia.scm.filter;
 import sonia.scm.Priority;
+import sonia.scm.SCMContextProvider;
+import sonia.scm.Stage;
 import sonia.scm.web.filter.HttpFilter;
+import javax.inject.Inject;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -36,47 +39,57 @@ import java.io.IOException;
 @Priority(7000)
 @WebElement("*")
 public class SecurityHeadersFilter extends HttpFilter {
+
+ private final SCMContextProvider contextProvider;
+
+ @Inject
+ public SecurityHeadersFilter(SCMContextProvider contextProvider) {
+ this.contextProvider = contextProvider;
+ }
+
 @Override
 protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
- response.setHeader("X-Frame-Options", "deny");
- response.setHeader("X-Content-Type-Options", "nosniff");
- response.setHeader("Content-Security-Policy",
+ if (contextProvider.getStage() != Stage.TESTING) {
+ response.setHeader("X-Frame-Options", "deny");
+ response.setHeader("X-Content-Type-Options", "nosniff");
+ response.setHeader("Content-Security-Policy",
 "form-action 'self'; " +
- "object-src 'none'; " +
- "frame-ancestors 'none'; " +
- "block-all-mixed-content"
- );
- response.setHeader("Permissions-Policy",
- "accelerometer=()," +
- "ambient-light-sensor=()," +
- "autoplay=()," +
- "battery=()," +
- "camera=()," +
- "display-capture=()," +
- "document-domain=()," +
- "encrypted-media=()," +
- "fullscreen=()," +
- "gamepad=()," +
- "geolocation=()," +
- "gyroscope=()," +
- "layout-animations=(self)," +
- "legacy-image-formats=(self)," +
- "magnetometer=()," +
- "microphone=()," +
- "midi=()," +
- "oversized-images=(self)," +
- "payment=()," +
- "picture-in-picture=()," +
- "publickey-credentials-get=()," +
- "speaker-selection=()," +
- "sync-xhr=(self)," +
- "unoptimized-images=(self)," +
- "unsized-media=(self)," +
- "usb=()," +
- "screen-wake-lock=()," +
- "web-share=()," +
- "xr-spatial-tracking=()"
- );
+ "object-src 'none'; " +
+ "frame-ancestors 'none'; " +
+ "block-all-mixed-content"
+ );
+ response.setHeader("Permissions-Policy",
+ "accelerometer=()," +
+ "ambient-light-sensor=()," +
+ "autoplay=()," +
+ "battery=()," +
+ "camera=()," +
+ "display-capture=()," +
+ "document-domain=()," +
+ "encrypted-media=()," +
+ "fullscreen=()," +
+ "gamepad=()," +
+ "geolocation=()," +
+ "gyroscope=()," +
+ "layout-animations=(self)," +
+ "legacy-image-formats=(self)," +
+ "magnetometer=()," +
+ "microphone=()," +
+ "midi=()," +
+ "oversized-images=(self)," +
+ "payment=()," +
+ "picture-in-picture=()," +
+ "publickey-credentials-get=()," +
+ "speaker-selection=()," +
+ "sync-xhr=(self)," +
+ "unoptimized-images=(self)," +
+ "unsized-media=(self)," +
+ "usb=()," +
+ "screen-wake-lock=()," +
+ "web-share=()," +
+ "xr-spatial-tracking=()"
+ );
+ }
 chain.doFilter(request, response);
 }
 }
diff --git a/yarn.lock b/yarn.lock
index 3ef06f1d8b..9f4192f49a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3091,10 +3091,10 @@ eslint-plugin-react-hooks "^2.1.2" jest "^26.6.3" -"@scm-manager/integration-test-runner@^3.3.0": - version "3.4.1" - resolved "https://registry.npmjs.org/@scm-manager/integration-test-runner/-/integration-test-runner-3.4.1.tgz" - integrity sha512-BiJ5h3ZEedqGcuymd+xLjJzd6x0Qpw2pHoHpJ1Rd7oEjs9Eny0yeI5b3ElRgI4E/ybHWs0o3s/wVQ2LE5pmw9Q== +"@scm-manager/integration-test-runner@^3.4.3": + version "3.4.3" + resolved "https://registry.yarnpkg.com/@scm-manager/integration-test-runner/-/integration-test-runner-3.4.3.tgz#6a2e44f5c360fb1c40c3701cf9e8ddadd5031666" + integrity sha512-tA3B5iDAsNWQgXUiMhnrz7sX5dc0674R5Xb+Fch5kSysxMjwn5gMeDUIXA6j5S6OXsp8jlIj/y70m5foplO2WQ== dependencies: "@ffmpeg-installer/ffmpeg" "^1.0.20" "@octokit/rest" "^18.0.9"
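Review bot: The `if (contextProvider.getStage() != Stage.TESTING)` guard in doFilter drops every hardening header, although presumably only the framing restrictions (`X-Frame-Options` and the `frame-ancestors` directive of the CSP) get in the way of the e2e runner embedding the application; `X-Content-Type-Options: nosniff` and `Permissions-Policy` do not, so they should stay unconditional to keep the build under test as close to production as possible. Because the stage is a runtime setting, an instance misconfigured to TESTING would silently serve every page without these headers; the new constructor should log a warning once when `contextProvider.getStage() == Stage.TESTING` so the condition is visible in the server log. The doFilter body is fully inside the hunk; a narrowed version follows.
```java
  @Override
  protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    // headers that do not interfere with embedding the app under test are sent in every stage
    response.setHeader("X-Content-Type-Options", "nosniff");
    response.setHeader("Permissions-Policy",
      // … unchanged: the Permissions-Policy directive list …
    );
    // only the framing protections are relaxed for the e2e test stage
    if (contextProvider.getStage() != Stage.TESTING) {
      response.setHeader("X-Frame-Options", "deny");
      response.setHeader("Content-Security-Policy",
        "form-action 'self'; " +
        "object-src 'none'; " +
        "frame-ancestors 'none'; " +
        "block-all-mixed-content"
      );
    }
    chain.doFilter(request, response);
  }
```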