test/secure_headers_test.rb in tynn-1.4.0 vs test/secure_headers_test.rb in tynn-2.0.0.alpha
- old
+ new
@@ -1,27 +1,39 @@
+# frozen_string_literal: true
+
+require_relative "helper"
require_relative "../lib/tynn/secure_headers"
-test "secure headers" do
- Tynn.plugin(Tynn::SecureHeaders)
+class SecureHeadersTest < Minitest::Test
+ HEADERS = Tynn::SecureHeaders::HEADERS
- Tynn.define do
- root do
- res.write("safe")
- end
+ def setup
+ @app = Class.new(Tynn)
end
- app = Tynn::Test.new
- app.get("/")
+ def test_dont_override_default_headers
+ @app.set(:default_headers, "Content-Type" => "application/json")
- secure_headers = {
- "X-Content-Type-Options" => "nosniff",
- "X-Frame-Options" => "SAMEORIGIN",
- "X-Permitted-Cross-Domain-Policies" => "none",
- "X-XSS-Protection" => "1; mode=block"
- }
+ @app.plugin(Tynn::SecureHeaders)
- headers = app.res.headers
+ assert @app.default_headers.key?("Content-Type")
+ end
- secure_headers.each do |header, value|
- assert_equal(value, headers[header])
+ def test_dont_override_if_exists
+ @app.set(:default_headers, "X-Frame-Options" => "DENY")
+
+ @app.plugin(Tynn::SecureHeaders)
+
+ assert_equal "DENY", @app.default_headers["X-Frame-Options"]
+ end
+
+ def test_respond_with_secure_headers
+ @app.plugin(Tynn::SecureHeaders)
+
+ @app.define {}
+
+ ts = Tynn::Test.new(@app)
+ ts.get("/")
+
+ assert_equal HEADERS, ts.res.headers
end
end
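Review bot: `test_respond_with_secure_headers` compares the response against `Tynn::SecureHeaders::HEADERS`, the plugin's own constant, so the suite no longer pins any header value, and dropping or weakening an entry in `HEADERS` would still pass. The removed test spelled the expected values out; literal checks such as `assert_equal "nosniff", ts.res.headers["X-Content-Type-Options"]` and `assert_equal "SAMEORIGIN", ts.res.headers["X-Frame-Options"]` would catch a regression in the defaults, assuming 2.0.0 still sets these values, which this hunk does not show. In `test_dont_override_default_headers`, `key?("Content-Type")` also passes if the plugin replaced the value, so `assert_equal "application/json", @app.default_headers["Content-Type"]` is the stronger check. That test would also benefit from asserting that the secure headers were still merged in alongside the custom one.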