Inicio Explorar Ayuda
Iniciar sesión
RISCI_ATOM
/
mastodon
espejo de https://github.com/tootsuite/mastodon.git
1
0
Fork 0
Archivos Incidencias 8 Wiki
Árbol: 2ee88a99d9
Ramas Etiquetas
mastodon
/
spec
/
requests
/
content_security_policy_spec.rb

content_security_policy_spec.rb 1.1 KB
Histórico Raw

123456789101112131415161718192021222324252627 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. describe 'Content-Security-Policy' do
    6. 

  6.   it 'sets the expected CSP headers' do
    7. 

  7.     allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==')
    8. 

  8. 

  9.     get '/'
    10. 

  10.     expect(response.headers['Content-Security-Policy'].split(';').map(&:strip)).to contain_exactly(
    11. 

  11.       "base-uri 'none'",
    12. 

  12.       "default-src 'none'",
    13. 

  13.       "frame-ancestors 'none'",
    14. 

  14.       "font-src 'self' https://cb6e6126.ngrok.io",
    15. 

  15.       "img-src 'self' https: data: blob: https://cb6e6126.ngrok.io",
    16. 

  16.       "style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
    17. 

  17.       "media-src 'self' https: data: https://cb6e6126.ngrok.io",
    18. 

  18.       "frame-src 'self' https:",
    19. 

  19.       "manifest-src 'self' https://cb6e6126.ngrok.io",
    20. 

  20.       "form-action 'self'",
    21. 

  21.       "child-src 'self' blob: https://cb6e6126.ngrok.io",
    22. 

  22.       "worker-src 'self' blob: https://cb6e6126.ngrok.io",
    23. 

  23.       "connect-src 'self' data: blob: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io ws://localhost:4000",
    24. 

  24.       "script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
    25. 

  25.     )
    26. 

  26.   end
    27. 

  27. end
    28.