public function CspOptimizationTest::testReduceSourceListWithHttp in Content-Security-Policy 8
Test reducing the source list when 'http:' is included.
@covers ::reduceSourceList
File
- tests/src/Unit/CspOptimizationTest.php, line 245
Class
- CspOptimizationTest
- Test optimization of CSP directives.
Namespace
Drupal\Tests\csp\Unit
Code
public function testReduceSourceListWithHttp() {
  $policy = new Csp();
  $policy->setDirective('script-src', [
    'http:',
    // Hosts without protocol should be kept.
    // (e.g. this would allow ftp://example.com)
    'example.com',
    // HTTP and HTTPS hosts should be removed
    // ('http:' also matches https: URLs).
    'http://example.org',
    'https://example.net',
    // Other network protocols should be kept.
    'ftp:',
    // Non-network protocols should be kept.
    'data:',
    // Additional keywords should be kept.
    Csp::POLICY_UNSAFE_INLINE,
    "'hash-123abc'",
    "'nonce-abc123'",
  ]);

  $this->assertEquals(
    "script-src http: example.com ftp: data: 'unsafe-inline' 'hash-123abc' 'nonce-abc123'",
    $policy->getHeaderValue()
  );
}
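
The reduction this test asserts, as an added PHP sketch that is not the csp module's own reduceSourceList() implementation; the function name reduce_covered_hosts() is hypothetical and the input is constructed from the test's source list. It generalizes slightly beyond the test: any scheme-source covers scheme://host entries of the same scheme, and 'http:' additionally covers https:// hosts.

```php
<?php
// Added sketch (assumption): NOT the csp module's reduceSourceList().

/**
 * Drop scheme://host sources already covered by a scheme-source in the list.
 */
function reduce_covered_hosts(array $sources): array {
  $sources = array_values(array_unique($sources));

  // Collect bare scheme-sources such as 'http:', 'ftp:' or 'data:'.
  $schemes = [];
  foreach ($sources as $source) {
    if (preg_match('/^([a-z][a-z0-9+.-]*):$/i', $source, $m)) {
      $schemes[strtolower($m[1])] = true;
    }
  }
  // CSP scheme matching treats 'http:' as also matching https: URLs.
  if (isset($schemes['http'])) {
    $schemes['https'] = true;
  }

  return array_values(array_filter($sources, function ($source) use ($schemes) {
    // Only scheme://host sources can be redundant. Keywords, nonces, hashes,
    // bare schemes and scheme-less hosts are always kept; a scheme-less host
    // still matters because it can match schemes other than http/https.
    if (preg_match('#^([a-z][a-z0-9+.-]*)://#i', $source, $m)) {
      return !isset($schemes[strtolower($m[1])]);
    }
    return true;
  }));
}

// Constructed input mirroring the source list in the test above.
$sources = [
  'http:', 'example.com', 'http://example.org', 'https://example.net',
  'ftp:', 'data:', "'unsafe-inline'", "'hash-123abc'", "'nonce-abc123'",
];
$expected = "script-src http: example.com ftp: data: 'unsafe-inline' 'hash-123abc' 'nonce-abc123'";
$actual = 'script-src ' . implode(' ', reduce_covered_hosts($sources));

// Fail loudly if the sketch diverges from the header value the test expects.
if ($actual !== $expected) {
  throw new RuntimeException("Unexpected reduction: $actual");
}
echo $actual, PHP_EOL;
```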