mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00

Include img-src in expected test output

Again, I'm assuming this is the intent, as `should allow changing ...` does
try to change img-src
James Dabbs 2016-07-26 17:35:57 -04:00
parent 19ad671e93
commit 44916e0037


@ -4,7 +4,7 @@ describe Rack::Protection::ContentSecurityPolicy do
it 'should set the Content Security Policy' do
expect(
get('/', {}, 'wants' => 'text/html').headers["Content-Security-Policy"]
).to eq("default-src none; script-src self; connect-src self; style-src self")
).to eq("default-src none; script-src self; connect-src self; img-src self; style-src self")
end
it 'should not set the Content Security Policy for other content types' do
@ -21,7 +21,7 @@ describe Rack::Protection::ContentSecurityPolicy do
end
headers = get('/', {}, 'wants' => 'text/html').headers
expect(headers["Content-Security-Policy"]).to eq("default-src none; script-src https://cdn.mybank.net; connect-src https://api.mybank.com; font-src https://cdn.mybank.net; frame-src self; media-src https://cdn.mybank.net; style-src https://cdn.mybank.net; object-src https://cdn.mybank.net; report-uri /my_amazing_csp_report_parser; sandbox allow-scripts")
expect(headers["Content-Security-Policy"]).to eq("default-src none; script-src https://cdn.mybank.net; connect-src https://api.mybank.com; font-src https://cdn.mybank.net; frame-src self; img-src https://cdn.mybank.net; media-src https://cdn.mybank.net; style-src https://cdn.mybank.net; object-src https://cdn.mybank.net; report-uri /my_amazing_csp_report_parser; sandbox allow-scripts")
expect(headers["Content-Security-Policy-Report-Only"]).to be_nil
end
@ -34,7 +34,7 @@ describe Rack::Protection::ContentSecurityPolicy do
headers = get('/', {}, 'wants' => 'text/html').headers
expect(headers["Content-Security-Policy"]).to be_nil
expect(headers["Content-Security-Policy-Report-Only"]).to eq("default-src none; script-src self; connect-src self; style-src self; report-uri /my_amazing_csp_report_parser")
expect(headers["Content-Security-Policy-Report-Only"]).to eq("default-src none; script-src self; connect-src self; img-src self; style-src self; report-uri /my_amazing_csp_report_parser")
end
it 'should not override the header if already set' do
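Review bot: The expected header strings pin unquoted keyword sources: `script-src self` and `default-src none` in the first spec, the same values in the report-only expectation, and `frame-src self` in the second spec. CSP only recognises these keywords in single quotes; without them they are parsed as host names, so `script-src self` does not mean same-origin and `default-src none` is not the deny-all keyword. If the middleware really emits these strings, the specs lock in a policy that does not enforce what it appears to. The first expectation should read `"default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'"`, with the matching change to the other two. The middleware defaults and the options passed in the second spec are outside these hunks, so the change has to be made there as well.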