web-api-manager/test/functional/csp.js

53 lines
2 KiB
JavaScript
Raw Permalink Normal View History

"use strict";
const utils = require("./lib/utils");
const injected = require("./lib/injected");
const testServer = require("./lib/server");
describe("Content-Security-Protocol Issues", function () {
describe("script-src", function () {
this.timeout = () => 20000;
it("default-src and script-src (from Pitchfork.com)", function (done) {
const [server, testUrl] = testServer.start(function (headers) {
// Add the CSP header to every request
const pitchforkCSP = [
"default-src https: data: 'unsafe-inline' 'unsafe-eval';",
"child-src https: data: blob:; connect-src https: data: blob:;",
"font-src https: data:; img-src https: data: blob:;",
"media-src https: data: blob:;",
"object-src https:;",
"script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';",
"style-src https: 'unsafe-inline';",
];
headers["Content-Security-Protocol"] = pitchforkCSP.join(" ");
});
const svgTestScript = injected.testSVGTestScript();
const standardsToBlock = utils.constants.svgBlockRule;
let driverReference;
utils.promiseGetDriver()
.then(function (driver) {
driverReference = driver;
return utils.promiseSetBlockingRules(driver, standardsToBlock);
})
.then(() => driverReference.get(testUrl))
.then(() => driverReference.executeAsyncScript(svgTestScript))
.then(function () {
driverReference.quit();
testServer.stop(server);
done();
})
.catch(function (e) {
driverReference.quit();
testServer.stop(server);
done(e);
});
});
});
});