public function CspOptimizationTest::testReduceSourceListAny in Content-Security-Policy 8
Test reducing source list when any host allowed.
@covers ::reduceSourceList
File
- tests/
src/ Unit/ CspOptimizationTest.php, line 214
Class
- CspOptimizationTest
- Test optimization of CSP directives.
Namespace
Drupal\Tests\csp\UnitCode
public function testReduceSourceListAny() {
$policy = new Csp();
$policy
->setDirective('script-src', [
Csp::POLICY_ANY,
// Hosts and network protocols should be removed.
'example.com',
'https://example.com',
'http:',
'https:',
'ftp:',
'ws:',
'wss:',
// Non-network protocols should be kept.
'data:',
// Additional keywords should be kept.
Csp::POLICY_UNSAFE_INLINE,
"'hash-123abc'",
"'nonce-abc123'",
]);
$this
->assertEquals("script-src * data: 'unsafe-inline' 'hash-123abc' 'nonce-abc123'", $policy
->getHeaderValue());
}