mirror of
https://github.com/sinatra/sinatra
synced 2023-03-27 23:18:01 -04:00
Include img-src in expected test output
Again, I'm assuming this is the intent, as `should allow changing ...` does try to change img-src
This commit is contained in:
parent
19ad671e93
commit
44916e0037
1 changed files with 3 additions and 3 deletions
|
@ -4,7 +4,7 @@ describe Rack::Protection::ContentSecurityPolicy do
|
|||
it 'should set the Content Security Policy' do
|
||||
expect(
|
||||
get('/', {}, 'wants' => 'text/html').headers["Content-Security-Policy"]
|
||||
).to eq("default-src none; script-src self; connect-src self; style-src self")
|
||||
).to eq("default-src none; script-src self; connect-src self; img-src self; style-src self")
|
||||
end
|
||||
|
||||
it 'should not set the Content Security Policy for other content types' do
|
||||
|
@ -21,7 +21,7 @@ describe Rack::Protection::ContentSecurityPolicy do
|
|||
end
|
||||
|
||||
headers = get('/', {}, 'wants' => 'text/html').headers
|
||||
expect(headers["Content-Security-Policy"]).to eq("default-src none; script-src https://cdn.mybank.net; connect-src https://api.mybank.com; font-src https://cdn.mybank.net; frame-src self; media-src https://cdn.mybank.net; style-src https://cdn.mybank.net; object-src https://cdn.mybank.net; report-uri /my_amazing_csp_report_parser; sandbox allow-scripts")
|
||||
expect(headers["Content-Security-Policy"]).to eq("default-src none; script-src https://cdn.mybank.net; connect-src https://api.mybank.com; font-src https://cdn.mybank.net; frame-src self; img-src https://cdn.mybank.net; media-src https://cdn.mybank.net; style-src https://cdn.mybank.net; object-src https://cdn.mybank.net; report-uri /my_amazing_csp_report_parser; sandbox allow-scripts")
|
||||
expect(headers["Content-Security-Policy-Report-Only"]).to be_nil
|
||||
end
|
||||
|
||||
|
@ -34,7 +34,7 @@ describe Rack::Protection::ContentSecurityPolicy do
|
|||
|
||||
headers = get('/', {}, 'wants' => 'text/html').headers
|
||||
expect(headers["Content-Security-Policy"]).to be_nil
|
||||
expect(headers["Content-Security-Policy-Report-Only"]).to eq("default-src none; script-src self; connect-src self; style-src self; report-uri /my_amazing_csp_report_parser")
|
||||
expect(headers["Content-Security-Policy-Report-Only"]).to eq("default-src none; script-src self; connect-src self; img-src self; style-src self; report-uri /my_amazing_csp_report_parser")
|
||||
end
|
||||
|
||||
it 'should not override the header if already set' do
|
||||
|
|
Loading…
Reference in a new issue