2393234be5
* DEV: remove legacy CSP implementation that allowed for non-strict-dynamic behaviour
# frozen_string_literal: true
# Integration spec: requests the site root and inspects the
# Content-Security-Policy response header with the
# `content_security_policy` site setting switched off and then on.
RSpec.describe "content security policy integration" do
  it "adds the csp headers correctly" do
    Fabricate(:admin) # to avoid 'new installation' screen

    header_name = "Content-Security-Policy"

    # Setting disabled: the response must carry no CSP header at all.
    SiteSetting.content_security_policy = false
    get "/"
    expect(response.headers[header_name]).to eq(nil)

    # Setting enabled: the header must be emitted.
    SiteSetting.content_security_policy = true
    get "/"
    policy = response.headers[header_name]
    expect(policy).to be_present

    # script-src must be exactly one nonce source followed by
    # 'strict-dynamic'; the `;` straight after 'strict-dynamic' means any
    # additional source expression appended to the directive fails the match.
    # NOTE(review): only the shape of the nonce is checked here, not that its
    # value changes between responses; confirm that is covered elsewhere.
    expect(policy).to match(/script-src 'nonce-[^']+' 'strict-dynamic';/)
  end
end