diff options
Diffstat (limited to 'echo/middleware/csp_test.go')
-rw-r--r-- | echo/middleware/csp_test.go | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/echo/middleware/csp_test.go b/echo/middleware/csp_test.go new file mode 100644 index 0000000..71c3f57 --- /dev/null +++ b/echo/middleware/csp_test.go | |||
@@ -0,0 +1,99 @@ | |||
1 | package middleware | ||
2 | |||
3 | import ( | ||
4 | "encoding/json" | ||
5 | "net/url" | ||
6 | "testing" | ||
7 | "time" | ||
8 | |||
9 | "github.com/stretchr/testify/assert" | ||
10 | "github.com/stretchr/testify/suite" | ||
11 | ) | ||
12 | |||
13 | func UrlMustParse(s string) *url.URL { | ||
14 | u, err := url.Parse(s) | ||
15 | if err != nil { | ||
16 | panic(err) | ||
17 | } | ||
18 | return u | ||
19 | } | ||
20 | |||
21 | type ContentSecurityPolicyConfigSuite struct { | ||
22 | suite.Suite | ||
23 | } | ||
24 | |||
25 | func TestContentSecurityPolicyConfigSuite(t *testing.T) { | ||
26 | suite.Run(t, &ContentSecurityPolicyConfigSuite{}) | ||
27 | } | ||
28 | |||
29 | func (s *ContentSecurityPolicyConfigSuite) TestBoolField() { | ||
30 | c := &ContentSecurityPolicyConfig{ | ||
31 | DefaultSrc: []CSPDirective{ | ||
32 | CSPSelf, | ||
33 | CSPHost("https://example.com"), | ||
34 | }, | ||
35 | UpgradeInsecureRequests: true, | ||
36 | } | ||
37 | |||
38 | assert.Equal( | ||
39 | s.T(), | ||
40 | "default-src 'self' https://example.com; upgrade-insecure-requests;", | ||
41 | c.String(), | ||
42 | ) | ||
43 | } | ||
44 | |||
45 | func (s *ContentSecurityPolicyConfigSuite) TestListOfStrings() { | ||
46 | c := &ContentSecurityPolicyConfig{ | ||
47 | DefaultSrc: []CSPDirective{ | ||
48 | CSPSelf, | ||
49 | CSPHost("https://example.com"), | ||
50 | }, | ||
51 | ConnectSrc: []CSPDirective{ | ||
52 | CSPData, | ||
53 | CSPHost("https://*.example.com"), | ||
54 | }, | ||
55 | } | ||
56 | |||
57 | assert.Equal( | ||
58 | s.T(), | ||
59 | "default-src 'self' https://example.com; connect-src data: https://*.example.com;", | ||
60 | c.String(), | ||
61 | ) | ||
62 | } | ||
63 | |||
64 | func (s *ContentSecurityPolicyConfigSuite) TestListOfUrls() { | ||
65 | c := &ContentSecurityPolicyConfig{ | ||
66 | ReportUri: []*url.URL{ | ||
67 | UrlMustParse("https://example.com/report"), | ||
68 | UrlMustParse("https://example.com/report2"), | ||
69 | }, | ||
70 | } | ||
71 | |||
72 | assert.Equal( | ||
73 | s.T(), | ||
74 | "report-uri https://example.com/report https://example.com/report2;", | ||
75 | c.String(), | ||
76 | ) | ||
77 | } | ||
78 | |||
79 | func TestReportToMarshalJSON(t *testing.T) { | ||
80 | c := &CSPReportTo{ | ||
81 | GroupName: "group", | ||
82 | MaxAge: 24 * time.Hour, | ||
83 | Endpoints: []*url.URL{ | ||
84 | UrlMustParse("https://example.com/report"), | ||
85 | UrlMustParse("https://example.com/report2"), | ||
86 | }, | ||
87 | } | ||
88 | |||
89 | b, err := json.Marshal(c) | ||
90 | if err != nil { | ||
91 | t.Fail() | ||
92 | } | ||
93 | |||
94 | assert.Equal( | ||
95 | t, | ||
96 | `{"endpoints":[{"url":"https://example.com/report"},{"url":"https://example.com/report2"}],"group":"group","max_age":86400}`, | ||
97 | string(b), | ||
98 | ) | ||
99 | } | ||