public function CspOptimizationTest::testReduceAttrSourceListNoUnsafeHash in Content-Security-Policy 8
Without 'unsafe-hashes', attr directives should not have hash sources.
@covers ::reduceAttrSourceList
File
- tests/
src/ Unit/ CspOptimizationTest.php, line 417
Class
- CspOptimizationTest
- Test optimization of CSP directives.
Namespace
Drupal\Tests\csp\UnitCode
public function testReduceAttrSourceListNoUnsafeHash() {
$policy = new Csp();
$policy
->setDirective('script-src-attr', [
Csp::POLICY_UNSAFE_INLINE,
"'sha256-BnZSlC9IkS7BVcseRf0CAOmLntfifZIosT2C1OMQ088='",
]);
$this
->assertEquals("script-src-attr 'unsafe-inline'", $policy
->getHeaderValue());
}