school/web-api-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
web-api-manager/test/functional/csp.js

43 lines
No EOL
1.9 KiB
JavaScript
Raw Blame History

"use strict";
const utils = require("./lib/utils");
const injected = require("./lib/injected");
const testServer = require("./lib/server");
describe("Content-Security-Protocol tests", function () {
describe("script-src", function () {
this.timeout = () => 20000;
it("default-src and script-src (from Pitchfork.com)", function (done) {
const [server, testUrl] = testServer.start(function (headers) {
// Add the CSP header to every request
headers['Content-Security-Protocol'] = "default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/pitchfork;";
});
const svgTestScript = injected.testSVGTestScript();
const standardsToBlock = utils.constants.svgBlockRule;
let driverReference;
utils.promiseGetDriver()
.then(function (driver) {
driverReference = driver;
return utils.promiseSetBlockingRules(driver, standardsToBlock);
})
.then(() => driverReference.get(testUrl))
.then(() => driverReference.executeAsyncScript(svgTestScript))
.then(function () {
driverReference.quit();
testServer.stop(server);
done();
})
.catch(function (e) {
driverReference.quit();
testServer.stop(server);
done(e);
});
});
});
});
Reference in a new issue View git blame Copy permalink