2015-10-04 14:58:00 -07:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
2015-10-07 03:00:03 -04:00
|
|
|
"os"
|
|
|
|
"path"
|
2015-10-04 14:58:00 -07:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/zenazn/goji"
|
|
|
|
)
|
|
|
|
|
|
|
|
var testCSPHeaders = map[string]string{
|
|
|
|
"Content-Security-Policy": "default-src 'none'; style-src 'self';",
|
|
|
|
"X-Frame-Options": "SAMEORIGIN",
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestContentSecurityPolicy(t *testing.T) {
|
2015-10-07 03:00:03 -04:00
|
|
|
Config.siteURL = "http://linx.example.org/"
|
|
|
|
Config.filesDir = path.Join(os.TempDir(), generateBarename())
|
|
|
|
Config.metaDir = Config.filesDir + "_meta"
|
|
|
|
Config.noLogs = true
|
|
|
|
Config.siteName = "linx"
|
|
|
|
Config.contentSecurityPolicy = "default-src 'none'; style-src 'self';"
|
|
|
|
Config.xFrameOptions = "SAMEORIGIN"
|
|
|
|
setup()
|
|
|
|
|
2015-10-04 14:58:00 -07:00
|
|
|
w := httptest.NewRecorder()
|
|
|
|
|
|
|
|
req, err := http.NewRequest("GET", "/", nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
goji.Use(ContentSecurityPolicy(CSPOptions{
|
|
|
|
policy: testCSPHeaders["Content-Security-Policy"],
|
|
|
|
frame: testCSPHeaders["X-Frame-Options"],
|
|
|
|
}))
|
|
|
|
|
|
|
|
goji.DefaultMux.ServeHTTP(w, req)
|
|
|
|
|
|
|
|
for k, v := range testCSPHeaders {
|
|
|
|
if w.HeaderMap[k][0] != v {
|
|
|
|
t.Fatalf("%s header did not match expected value set by middleware", k)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|