2017-10-23 05:17:23 +00:00
|
|
|
"use strict";
|
|
|
|
|
|
|
|
const utils = require("./lib/utils");
|
|
|
|
const injected = require("./lib/injected");
|
|
|
|
const testServer = require("./lib/server");
|
|
|
|
|
2017-10-26 04:02:06 +00:00
|
|
|
describe("Content-Security-Protocol Issues", function () {
|
2017-10-23 05:17:23 +00:00
|
|
|
|
|
|
|
describe("script-src", function () {
|
|
|
|
|
|
|
|
this.timeout = () => 20000;
|
|
|
|
|
|
|
|
it("default-src and script-src (from Pitchfork.com)", function (done) {
|
|
|
|
|
|
|
|
const [server, testUrl] = testServer.start(function (headers) {
|
|
|
|
// Add the CSP header to every request
|
2017-10-23 08:29:59 +00:00
|
|
|
const pitchforkCSP = [
|
|
|
|
"default-src https: data: 'unsafe-inline' 'unsafe-eval';",
|
|
|
|
"child-src https: data: blob:; connect-src https: data: blob:;",
|
|
|
|
"font-src https: data:; img-src https: data: blob:;",
|
|
|
|
"media-src https: data: blob:;",
|
|
|
|
"object-src https:;",
|
|
|
|
"script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';",
|
|
|
|
"style-src https: 'unsafe-inline';",
|
|
|
|
];
|
|
|
|
headers["Content-Security-Protocol"] = pitchforkCSP.join(" ");
|
2017-10-23 05:17:23 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
const svgTestScript = injected.testSVGTestScript();
|
|
|
|
const standardsToBlock = utils.constants.svgBlockRule;
|
|
|
|
let driverReference;
|
|
|
|
|
|
|
|
utils.promiseGetDriver()
|
|
|
|
.then(function (driver) {
|
|
|
|
driverReference = driver;
|
|
|
|
return utils.promiseSetBlockingRules(driver, standardsToBlock);
|
|
|
|
})
|
|
|
|
.then(() => driverReference.get(testUrl))
|
|
|
|
.then(() => driverReference.executeAsyncScript(svgTestScript))
|
|
|
|
.then(function () {
|
|
|
|
driverReference.quit();
|
|
|
|
testServer.stop(server);
|
|
|
|
done();
|
|
|
|
})
|
|
|
|
.catch(function (e) {
|
|
|
|
driverReference.quit();
|
|
|
|
testServer.stop(server);
|
|
|
|
done(e);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
2017-10-23 08:29:59 +00:00
|
|
|
});
|