summaryrefslogtreecommitdiffstats
path: root/build/integration/features/webdav-related.feature
diff options
context:
space:
mode:
Diffstat (limited to 'build/integration/features/webdav-related.feature')
-rw-r--r--build/integration/features/webdav-related.feature37
1 files changed, 0 insertions, 37 deletions
diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature
index 14ff505463c..06df280ea64 100644
--- a/build/integration/features/webdav-related.feature
+++ b/build/integration/features/webdav-related.feature
@@ -92,43 +92,6 @@ Feature: webdav-related
|X-XSS-Protection|1; mode=block|
And Downloaded content should start with "Welcome to your ownCloud account!"
- Scenario: Downloading a file on the new endpoint should serve security headers
- Given using dav path "remote.php/dav/files/admin/"
- And As an "admin"
- When Downloading file "/welcome.txt"
- Then The following headers should be set
- |Content-Disposition|attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt"|
- |Content-Security-Policy|default-src 'none';|
- |X-Content-Type-Options |nosniff|
- |X-Download-Options|noopen|
- |X-Frame-Options|Sameorigin|
- |X-Permitted-Cross-Domain-Policies|none|
- |X-Robots-Tag|none|
- |X-XSS-Protection|1; mode=block|
- And Downloaded content should start with "Welcome to your ownCloud account!"
-
- Scenario: Doing a GET with a web login should work without CSRF token on the new backend
- Given Logging in using web as "admin"
- When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken
- Then Downloaded content should start with "Welcome to your ownCloud account!"
- Then the HTTP status code should be "200"
-
- Scenario: Doing a GET with a web login should work with CSRF token on the new backend
- Given Logging in using web as "admin"
- When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken
- Then Downloaded content should start with "Welcome to your ownCloud account!"
- Then the HTTP status code should be "200"
-
- Scenario: Doing a PROPFIND with a web login should not work without CSRF token on the new backend
- Given Logging in using web as "admin"
- When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken
- Then the HTTP status code should be "401"
-
- Scenario: Doing a PROPFIND with a web login should work with CSRF token on the new backend
- Given Logging in using web as "admin"
- When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken
- Then the HTTP status code should be "207"
-
Scenario: Doing a GET with a web login should work without CSRF token on the old backend
Given Logging in using web as "admin"
When Sending a "GET" to "/remote.php/webdav/welcome.txt" without requesttoken