Sha256: 9b247d70219c2dede5959d6c05931f217e5be534c26e1a3e77020ce0acd38ba2
Contents?: true
Size: 1.79 KB
Versions: 3
Compression:
Stored size: 1.79 KB
Contents
# frozen_string_literal: true

# Integration coverage for the Content-Security-Policy response header of a
# generated project. Each example generates a project with one action routed
# at "/", boots the server and inspects the header on the response.
#
# The expected policies are compared with `eq`, so any change to a directive
# (loosened or tightened) fails the example and has to be reviewed.
RSpec.describe "Content-Security-Policy header", type: :integration do
  # Pins the policy of an unmodified project. Points a reviewer should keep in
  # mind when this string changes:
  #   * `default-src 'none'` makes the policy deny-by-default; every fetch
  #     type must be opened up by its own directive.
  #   * `style-src` carries 'unsafe-inline' and the bare `https:` scheme, and
  #     `img-src` carries `https:` and `data:`; these are the widest grants.
  #   * `frame-ancestors 'self'` restricts who may frame the page.
  #   * NOTE(review): `plugin-types app/pdf` is reproduced as found; the
  #     registered PDF media type is `application/pdf` and `plugin-types` is no
  #     longer part of current CSP. Confirm against the generated
  #     apps/web/app.rb.
  it "returns default value" do
    with_project do
      generate "action web home#index --url=/"

      expected_policy = "form-action 'self'; frame-ancestors 'self'; base-uri 'self'; default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self'; object-src 'none'; plugin-types app/pdf; child-src 'self'; frame-src 'self'; media-src 'self'"

      server do
        get "/"

        response = last_response
        expect(response.status).to eq(200)
        expect(response.headers["Content-Security-Policy"]).to eq(expected_policy)
      end
    end
  end

  # Rewrites the `script-src` directive in apps/web/app.rb and checks that the
  # edit reaches the wire unchanged. Only `script-src` differs from the default
  # policy: it additionally allows https://code.jquery.com, i.e. a third-party
  # script origin is now trusted by pages of this app.
  it "returns custom value" do
    with_project do
      generate "action web home#index --url=/"

      replace "apps/web/app.rb", "script-src 'self';", "script-src 'self' https://code.jquery.com;"

      expected_policy = "form-action 'self'; frame-ancestors 'self'; base-uri 'self'; default-src 'none'; script-src 'self' https://code.jquery.com; connect-src 'self'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self'; object-src 'none'; plugin-types app/pdf; child-src 'self'; frame-src 'self'; media-src 'self'"

      server do
        get "/"

        response = last_response
        expect(response.status).to eq(200)
        expect(response.headers["Content-Security-Policy"]).to eq(expected_policy)
      end
    end
  end

  # Replaces the `security.content_security_policy %{` call with a bare `%{`
  # literal, so the policy text stays in the file but is no longer passed to
  # the setting. The response must then carry no Content-Security-Policy
  # header at all: the protection is opt-out, and an app configured this way
  # is served without any CSP.
  it "doesn't send header if setting is removed" do
    with_project do
      generate "action web home#index --url=/"

      replace "apps/web/app.rb", "security.content_security_policy %{", "%{"

      server do
        get "/"

        response = last_response
        expect(response.status).to eq(200)
        expect(response.headers).not_to have_key("Content-Security-Policy")
      end
    end
  end
end