path: root/src/chttpd/test/eunit/chttpd_xframe_test.erl
-module(chttpd_xframe_test).

-include_lib("couch/include/couch_db.hrl").
-include_lib("eunit/include/eunit.hrl").

%% One-time fixture setup: replaces the `config` module with a meck mock whose
%% get/3 returns "X-Forwarded-Host" for every section/key/default combination.
%% NOTE(review): presumably the code under test reads the forwarded-host header
%% name through config:get/3 -- confirm against chttpd_xframe_options.
setup_all() ->
    AlwaysForwardedHost = fun(_Section, _Key, _Default) -> "X-Forwarded-Host" end,
    ok = meck:new(config),
    ok = meck:expect(config, get, AlwaysForwardedHost),
    ok.

%% One-time fixture teardown. meck:unload/0 takes no module argument, so it
%% unloads every mocked module, not only `config`.
teardown_all(_SetupResult) ->
    meck:unload().

%% Per-test setup: resets the `config` mock before each test in the fixture.
setup() ->
    Mocked = [config],
    meck:reset(Mocked).

%% Per-test teardown: nothing to release, the mock is reset in setup/0.
teardown(_SetupResult) ->
    ok.

%% Builds the #httpd{} request every test passes to
%% chttpd_xframe_options:header/3: a GET whose only header is
%% "Host: examples.com".
%% NOTE(review): no test visible here sends an X-Forwarded-Host header, even
%% though setup_all/0 mocks config:get/3 to return that header name. A case
%% where the forwarded host differs from Host would pin which of the two values
%% ends up in the X-Frame-Options header.
mock_request() ->
    HostHeader = {"Host", "examples.com"},
    MochiReq = mochiweb_request:new(
        nil,
        'GET',
        '/',
        {1, 1},
        mochiweb_headers:make([HostHeader])
    ),
    #httpd{mochi_req = MochiReq}.

%% X-Frame-Options settings with the feature switched off.
config_disabled() ->
    Enabled = false,
    [{enabled, Enabled}].

%% X-Frame-Options settings that enable the header in same-origin mode.
config_sameorigin() ->
    [{enabled, true}, {same_origin, true}].

%% X-Frame-Options settings with same-origin mode off and a wildcard host list.
%% The wildcard is the broadest setting exercised in this module.
config_wildcard() ->
    AnyHost = ["*"],
    [{enabled, true}, {same_origin, false}, {hosts, AnyHost}].

%% X-Frame-Options settings with an explicit host list that includes the
%% host used by mock_request/0 ("examples.com").
config_specific_hosts() ->
    Allowed = ["http://couchdb.org", "http://examples.com"],
    [{enabled, true}, {same_origin, false}, {hosts, Allowed}].

%% X-Frame-Options settings with an explicit host list that does NOT include
%% the host used by mock_request/0.
%% NOTE(review): "diffent" in the function name is a typo for "different".
%% Renaming it means updating the caller in deny_with_different_host/1 too.
config_diffent_specific_hosts() ->
    Allowed = ["http://couchdb.org"],
    [{enabled, true}, {same_origin, false}, {hosts, Allowed}].

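%% With {enabled, false} no X-Frame-Options header may be added: the header
%% list passed in (empty here) must come back unchanged.
%% Runs outside the xframe_host_test_/0 fixture, so `config` is not mocked.
no_header_if_xframe_disabled_test() ->
    Headers = chttpd_xframe_options:header(mock_request(), [], config_disabled()),
    %% ?assertEqual takes (Expected, Actual); with the arguments reversed a
    %% failure report labels the two values the wrong way round.
    ?assertEqual([], Headers).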

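%% With {same_origin, true} the response must carry
%% "X-Frame-Options: SAMEORIGIN".
%% Runs outside the xframe_host_test_/0 fixture, so `config` is not mocked.
enabled_with_same_origin_test() ->
    Headers = chttpd_xframe_options:header(mock_request(), [], config_sameorigin()),
    %% ?assertEqual takes (Expected, Actual); with the arguments reversed a
    %% failure report labels the two values the wrong way round.
    ?assertEqual([{"X-Frame-Options", "SAMEORIGIN"}], Headers).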

%% EUnit generator for the host-matching cases. `config` is mocked once for
%% the whole group (setup_all/0, teardown_all/1) and the mock is reset around
%% each individual case (setup/0, teardown/1).
xframe_host_test_() ->
    Cases = [
        fun allow_with_wildcard_host/1,
        fun allow_with_specific_host/1,
        fun deny_with_different_host/1
    ],
    PerCase = {foreach, fun setup/0, fun teardown/1, Cases},
    Group = {setup, fun setup_all/0, fun teardown_all/1, PerCase},
    {"xframe host tests", Group}.

%% With hosts = ["*"] the expected header is "ALLOW-FROM" followed by the
%% mock request's own host ("examples.com") with an "http://" prefix.
%% NOTE(review): the ALLOW-FROM directive of X-Frame-Options is obsolete, and
%% current browsers ignore a header that carries it. The behaviour pinned here
%% therefore gives no framing protection in those browsers; the standard
%% per-origin control is Content-Security-Policy frame-ancestors.
allow_with_wildcard_host(_SetupResult) ->
    Expected = [{"X-Frame-Options", "ALLOW-FROM http://examples.com"}],
    Headers = chttpd_xframe_options:header(mock_request(), [], config_wildcard()),
    ?_assertEqual(Expected, Headers).

%% When the request host ("examples.com") is in the configured host list,
%% the expected header is "ALLOW-FROM http://examples.com".
%% NOTE(review): the ALLOW-FROM directive of X-Frame-Options is obsolete, and
%% current browsers ignore a header that carries it. An allow-list enforced
%% only through this header is not enforced in those browsers; the standard
%% per-origin control is Content-Security-Policy frame-ancestors.
allow_with_specific_host(_SetupResult) ->
    Expected = [{"X-Frame-Options", "ALLOW-FROM http://examples.com"}],
    Headers = chttpd_xframe_options:header(mock_request(), [], config_specific_hosts()),
    ?_assertEqual(Expected, Headers).

%% When the request host ("examples.com") is absent from the configured host
%% list, the header must fail closed with "X-Frame-Options: DENY".
deny_with_different_host(_SetupResult) ->
    Expected = [{"X-Frame-Options", "DENY"}],
    Headers = chttpd_xframe_options:header(
        mock_request(), [], config_diffent_specific_hosts()
    ),
    ?_assertEqual(Expected, Headers).