tildeverse
/
tilde.news
mirror of https://github.com/tildeverse/lobsters
5
3
Fork 3
Code Issues 2 Releases Wiki Activity
tilde.news/spec/requests/content_security_policy_spe...

23 lines
546 B
Ruby
Raw Blame History

# typed: false
require "rails_helper"
describe "content security policy" do
it "sets the correct headers" do
get "/"
directives = [
"default-src 'none'",
"connect-src 'self'",
"font-src 'self' https: data:",
"img-src * data:",
"script-src 'self' 'unsafe-inline' 'unsafe-eval'",
"style-src 'self' 'unsafe-inline'",
"form-action 'self'",
"report-uri /csp-violation-report"
].join("; ")
expect(response.headers["Content-Security-Policy-Report-Only"]).to eq(directives)
end
end
Reference in New Issue View Git Blame Copy Permalink