diff options
Diffstat (limited to 'src/chttpd/test/eunit/chttpd_csp_tests.erl')
-rw-r--r-- | src/chttpd/test/eunit/chttpd_csp_tests.erl | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/src/chttpd/test/eunit/chttpd_csp_tests.erl b/src/chttpd/test/eunit/chttpd_csp_tests.erl deleted file mode 100644 index b80e3fee6..000000000 --- a/src/chttpd/test/eunit/chttpd_csp_tests.erl +++ /dev/null @@ -1,81 +0,0 @@ -% Licensed under the Apache License, Version 2.0 (the "License"); you may not -% use this file except in compliance with the License. You may obtain a copy of -% the License at -% -% http://www.apache.org/licenses/LICENSE-2.0 -% -% Unless required by applicable law or agreed to in writing, software -% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -% License for the specific language governing permissions and limitations under -% the License. - --module(chttpd_csp_tests). - --include_lib("couch/include/couch_eunit.hrl"). - - -setup() -> - ok = config:set("csp", "enable", "true", false), - Addr = config:get("chttpd", "bind_address", "127.0.0.1"), - Port = mochiweb_socket_server:get(chttpd, port), - lists:concat(["http://", Addr, ":", Port, "/_utils/"]). - -teardown(_) -> - ok. - - - -csp_test_() -> - { - "Content Security Policy tests", - { - setup, - fun chttpd_test_util:start_couch/0, fun chttpd_test_util:stop_couch/1, - { - foreach, - fun setup/0, fun teardown/1, - [ - fun should_not_return_any_csp_headers_when_disabled/1, - fun should_apply_default_policy/1, - fun should_return_custom_policy/1, - fun should_only_enable_csp_when_true/1 - ] - } - } - }. - - -should_not_return_any_csp_headers_when_disabled(Url) -> - ?_assertEqual(undefined, - begin - ok = config:set("csp", "enable", "false", false), - {ok, _, Headers, _} = test_request:get(Url), - proplists:get_value("Content-Security-Policy", Headers) - end). - -should_apply_default_policy(Url) -> - ?_assertEqual( - "child-src 'self' data: blob:; default-src 'self'; img-src 'self' data:; font-src 'self'; " - "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';", - begin - {ok, _, Headers, _} = test_request:get(Url), - proplists:get_value("Content-Security-Policy", Headers) - end). - -should_return_custom_policy(Url) -> - ?_assertEqual("default-src 'http://example.com';", - begin - ok = config:set("csp", "header_value", - "default-src 'http://example.com';", false), - {ok, _, Headers, _} = test_request:get(Url), - proplists:get_value("Content-Security-Policy", Headers) - end). - -should_only_enable_csp_when_true(Url) -> - ?_assertEqual(undefined, - begin - ok = config:set("csp", "enable", "tru", false), - {ok, _, Headers, _} = test_request:get(Url), - proplists:get_value("Content-Security-Policy", Headers) - end). |