diff options
Diffstat (limited to 'build/integration/features/webdav-related.feature')
-rw-r--r-- | build/integration/features/webdav-related.feature | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature index 14ff505463c..06df280ea64 100644 --- a/build/integration/features/webdav-related.feature +++ b/build/integration/features/webdav-related.feature @@ -92,43 +92,6 @@ Feature: webdav-related |X-XSS-Protection|1; mode=block| And Downloaded content should start with "Welcome to your ownCloud account!" - Scenario: Downloading a file on the new endpoint should serve security headers - Given using dav path "remote.php/dav/files/admin/" - And As an "admin" - When Downloading file "/welcome.txt" - Then The following headers should be set - |Content-Disposition|attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt"| - |Content-Security-Policy|default-src 'none';| - |X-Content-Type-Options |nosniff| - |X-Download-Options|noopen| - |X-Frame-Options|Sameorigin| - |X-Permitted-Cross-Domain-Policies|none| - |X-Robots-Tag|none| - |X-XSS-Protection|1; mode=block| - And Downloaded content should start with "Welcome to your ownCloud account!" - - Scenario: Doing a GET with a web login should work without CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken - Then Downloaded content should start with "Welcome to your ownCloud account!" - Then the HTTP status code should be "200" - - Scenario: Doing a GET with a web login should work with CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken - Then Downloaded content should start with "Welcome to your ownCloud account!" - Then the HTTP status code should be "200" - - Scenario: Doing a PROPFIND with a web login should not work without CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken - Then the HTTP status code should be "401" - - Scenario: Doing a PROPFIND with a web login should work with CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken - Then the HTTP status code should be "207" - Scenario: Doing a GET with a web login should work without CSRF token on the old backend Given Logging in using web as "admin" When Sending a "GET" to "/remote.php/webdav/welcome.txt" without requesttoken |