mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
96937335d1
Currently `csp_meta_tag` generates `name` attribute only. However, in libraries like `Material-UI` and `JSS`, expect that the meta tag that contains the nonce with `property` attribute. https://material-ui.com/css-in-js/advanced/#how-does-one-implement-csp https://github.com/cssinjs/jss/blob/master/docs/csp.md This patch allows `csp_meta_tag` to specify arbitrary options and allows `nonce` to be passed to those libraries.
35 lines
767 B
Ruby
35 lines
767 B
Ruby
# frozen_string_literal: true
|
|
|
|
require "abstract_unit"
|
|
|
|
class CspHelperWithCspEnabledTest < ActionView::TestCase
|
|
tests ActionView::Helpers::CspHelper
|
|
|
|
def content_security_policy_nonce
|
|
"iyhD0Yc0W+c="
|
|
end
|
|
|
|
def content_security_policy?
|
|
true
|
|
end
|
|
|
|
def test_csp_meta_tag
|
|
assert_equal "<meta name=\"csp-nonce\" content=\"iyhD0Yc0W+c=\" />", csp_meta_tag
|
|
end
|
|
|
|
def test_csp_meta_tag_with_options
|
|
assert_equal "<meta property=\"csp-nonce\" name=\"csp-nonce\" content=\"iyhD0Yc0W+c=\" />", csp_meta_tag(property: "csp-nonce")
|
|
end
|
|
end
|
|
|
|
class CspHelperWithCspDisabledTest < ActionView::TestCase
|
|
tests ActionView::Helpers::CspHelper
|
|
|
|
def content_security_policy?
|
|
false
|
|
end
|
|
|
|
def test_csp_meta_tag
|
|
assert_nil csp_meta_tag
|
|
end
|
|
end
|