Block outgoing Chrome connections in Capybara tests
What does this MR do and why?
https://www.chromium.org/developers/design-documents/network-settings
describes that it's possible to use the --proxy-server
and
--proxy-bypass-list
. We use this feature to block external network
access but still allow local access to the network. This prevents
specs from testing against GitLab.com and accessing external
resources.
While testing this, it appears that Chrome was quite often accessing Gravatar for user avatars. We will probably want a way to disable this feature outright, but Gravatar requests will now fail, rendering them blank in feature specs.
Relates to #386091 (closed)
How to set up and validate locally
- Revert !107292 (merged) in
spec/features/projects_spec.rb
:
diff --git a/spec/features/projects_spec.rb b/spec/features/projects_spec.rb
index ec0b3f9d81b6..701dcebb0f30 100644
--- a/spec/features/projects_spec.rb
+++ b/spec/features/projects_spec.rb
@@ -327,9 +327,9 @@
end
it 'has working links to submodules' do
- submodule = find_link('645f6c4c')
+ click_link('645f6c4c')
- expect(submodule[:href]).to eq('https://gitlab.com/gitlab-org/gitlab-grack/-/tree/645f6c4c82fd3f5e06f67134450a570b795e55a6')
+ expect(page).to have_selector('.ref-selector', text: '645f6c4c82fd3f5e06f67134450a570b795e55a6')
end
context 'for signed commit on default branch', :js do
- Hard-code the proxy port in this branch:
diff --git a/spec/support/capybara.rb b/spec/support/capybara.rb
index 632366ef2ea4..ff322f3b206b 100644
--- a/spec/support/capybara.rb
+++ b/spec/support/capybara.rb
@@ -85,7 +85,7 @@
# Generate a random port to blackhole all external traffic
tcp_server = TCPServer.new('127.0.0.1', 0)
- options.add_argument("--proxy-server=http://127.0.0.1:#{tcp_server.addr[1]}")
+ options.add_argument("--proxy-server=http://127.0.0.1:9999")
options.add_argument("--proxy-bypass-list=127.0.0.1,localhost,#{Gitlab.config.gitlab.host}")
Capybara::Selenium::Driver.new(
-
Listen on that port:
nc -k -l 9999
-
Run the test:
bundle exec rspec spec/features/projects_spec.rb:329
-
The test should fail with a blank Capybara screenshot, and the
nc
output should show an attempt to contact GitLab.com via a proxy:
% nc -k -l 9999
CONNECT gitlab.com:443 HTTP/1.1
Host: gitlab.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/108.0.5359.124 Safari/537.36
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.