freedomofpress · redshiftzero · Oct 12, 2018 · Oct 12, 2018 · Oct 12, 2018 · redshiftzero
diff --git a/securedrop_proxy/proxy.py b/securedrop_proxy/proxy.py
@@ -96,11 +96,15 @@ def handle_non_json_response(self):
 
         res = Response(self._presp.status_code)
 
-        fh = tempfile.NamedTemporaryFile()
+        # Create a NamedTemporaryFile, we don't want
+        # to delete it after closing.
+        fh = tempfile.NamedTemporaryFile(delete=False)
 
         for c in self._presp.iter_content(10):
             fh.write(c)
 
+        fh.close()
+
         res.headers = self._presp.headers
 
         self.on_save(fh, res, self.conf)

diff --git a/tests/test_main.py b/tests/test_main.py
@@ -83,6 +83,13 @@ def on_save(fh, res, conf):
         # The proxy should have created a filename in the response body
         self.assertIn('filename', response['body'])
 
+        # The file should not be empty
+        with open("/tmp/{}".format(self.fn)) as f:
+            saved_file = f.read()
+
+        # We expect HTML content in the file from the test data
+        self.assertIn("<html>", saved_file)
+
     def test_error_response(self):
         test_input_json = """"foo": "bar", "baz": "bliff" }"""