github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 02:19:27 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
cb3456e18f
discourse/spec/system/content_security_policy_spec.rb
Kelv 2393234be5
DEV: remove legacy CSP implementation to make strict-dynamic only accepted behaviour (#27486) 
* DEV: remove legacy CSP implementation that allowed for non-strict-dynamic behaviour
2024-06-18 16:40:53 +08:00

31 lines
879 B
Ruby
Raw Blame History

# frozen_string_literal: true
describe "Content security policy", type: :system do
it "can boot the application in strict_dynamic mode" do
expect(SiteSetting.content_security_policy).to eq(true)
visit "/"
expect(page).to have_css("#site-logo")
end
it "works for 'public exceptions' like RoutingError" do
expect(SiteSetting.content_security_policy).to eq(true)
SiteSetting.bootstrap_error_pages = true
get "/nonexistent"
expect(response.headers["Content-Security-Policy"]).to include("'strict-dynamic'")
visit "/nonexistent"
expect(page).not_to have_css("body.no-ember")
expect(page).to have_css("#site-logo")
end
it "can boot logster in strict_dynamic mode" do
expect(SiteSetting.content_security_policy).to eq(true)
sign_in Fabricate(:admin)
visit "/logs"
expect(page).to have_css("#log-table")
end
end
Reference in New Issue View Git Blame Copy Permalink