@@ -291,10 +291,11 @@ describe("fetchWithSlackAuth", () => {
|
291 | 291 | |
292 | 292 | it("strips Authorization header on cross-origin redirects", async () => { |
293 | 293 | // First call: redirect response from Slack |
294 | | -const redirectResponse = new Response(null, { |
| 294 | +const redirectResponse = new Response("redirect body", { |
295 | 295 | status: 302, |
296 | 296 | headers: { location: "https://cdn.slack-edge.com/presigned-url?sig=abc123" }, |
297 | 297 | }); |
| 298 | +const cancel = vi.spyOn(redirectResponse.body!, "cancel").mockResolvedValue(undefined); |
298 | 299 | |
299 | 300 | // Second call: actual file content from CDN |
300 | 301 | const fileResponse = new Response(Buffer.from("actual image data"), { |
@@ -321,13 +322,15 @@ describe("fetchWithSlackAuth", () => {
|
321 | 322 | "https://cdn.slack-edge.com/presigned-url?sig=abc123", |
322 | 323 | { redirect: "follow" }, |
323 | 324 | ); |
| 325 | +expect(cancel).toHaveBeenCalledOnce(); |
324 | 326 | }); |
325 | 327 | |
326 | 328 | it("preserves Authorization header on same-origin redirects", async () => { |
327 | | -const redirectResponse = new Response(null, { |
| 329 | +const redirectResponse = new Response("redirect body", { |
328 | 330 | status: 302, |
329 | 331 | headers: { location: "/files/redirect-target" }, |
330 | 332 | }); |
| 333 | +const cancel = vi.spyOn(redirectResponse.body!, "cancel").mockResolvedValue(undefined); |
331 | 334 | |
332 | 335 | const fileResponse = new Response(Buffer.from("image data"), { |
333 | 336 | status: 200, |
@@ -342,6 +345,7 @@ describe("fetchWithSlackAuth", () => {
|
342 | 345 | headers: { Authorization: "Bearer xoxb-test-token" }, |
343 | 346 | redirect: "follow", |
344 | 347 | }); |
| 348 | +expect(cancel).toHaveBeenCalledOnce(); |
345 | 349 | }); |
346 | 350 | |
347 | 351 | it("returns redirect response when no location header is provided", async () => { |
|