Reduce `RSpec/ExampleLength` in CSP request spec (#29104)

pull/2674/head
Matt Jankowski 2024-03-13 04:22:32 -04:00 committed by GitHub
parent 00d94f3ffa
commit 96013cd576
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 31 additions and 18 deletions


@ -3,25 +3,38 @@
require 'rails_helper' require 'rails_helper'
describe 'Content-Security-Policy' do describe 'Content-Security-Policy' do
it 'sets the expected CSP headers' do before { allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==') }
allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==')
it 'sets the expected CSP headers' do
get '/' get '/'
expect(response.headers['Content-Security-Policy'].split(';').map(&:strip)).to contain_exactly(
"base-uri 'none'", expect(response_csp_headers)
"default-src 'none'", .to match_array(expected_csp_headers)
"frame-ancestors 'none'", end
"font-src 'self' https://cb6e6126.ngrok.io",
"img-src 'self' data: blob: https://cb6e6126.ngrok.io", def response_csp_headers
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='", response
"media-src 'self' data: https://cb6e6126.ngrok.io", .headers['Content-Security-Policy']
"frame-src 'self' https:", .split(';')
"manifest-src 'self' https://cb6e6126.ngrok.io", .map(&:strip)
"form-action 'self'", end
"child-src 'self' blob: https://cb6e6126.ngrok.io",
"worker-src 'self' blob: https://cb6e6126.ngrok.io", def expected_csp_headers
"connect-src 'self' data: blob: https://cb6e6126.ngrok.io ws://cb6e6126.ngrok.io:4000", <<~CSP.split("\n").map(&:strip)
"script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'" base-uri 'none'
) child-src 'self' blob: https://cb6e6126.ngrok.io
connect-src 'self' data: blob: https://cb6e6126.ngrok.io ws://cb6e6126.ngrok.io:4000
default-src 'none'
font-src 'self' https://cb6e6126.ngrok.io
form-action 'self'
frame-ancestors 'none'
frame-src 'self' https:
img-src 'self' data: blob: https://cb6e6126.ngrok.io
manifest-src 'self' https://cb6e6126.ngrok.io
media-src 'self' data: https://cb6e6126.ngrok.io
script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'
style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='
worker-src 'self' blob: https://cb6e6126.ngrok.io
CSP
end end
end end
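Review bot: The `before` block at the top of the `describe` now pins `SecureRandom.base64(16)` to one constant for every example in the file. The spec therefore proves only that the generated value is copied into `style-src`, not that the nonce is fresh per response. A regression that made the nonce static or reused across requests would still pass, and a predictable nonce removes the protection it is there to provide. I would add a nested context that restores the real generator and compares two responses, as sketched below; this assumes the nonce is produced per request through `SecureRandom.base64`, which the stub suggests but the hunk does not show. Separately, a one-line comment above `expected_csp_headers` noting that the list is kept alphabetical and compared order-independently would help the next editor.

```ruby
# … unchanged: fixed-nonce `before` and 'sets the expected CSP headers' example …

context 'without a stubbed nonce' do
  before { allow(SecureRandom).to receive(:base64).and_call_original }

  it 'issues a fresh style-src nonce for each response' do
    nonces = Array.new(2) do
      get '/'
      response.headers['Content-Security-Policy'][/'nonce-([^']+)'/, 1]
    end

    expect(nonces).to all(be_present)
    expect(nonces.uniq.size).to eq(2)
  end
end
```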