
public function CspOptimizationTest::testReduceSourceListWithHttp in Content-Security-Policy 8

Test reducing the source list when 'http:' is included.

@covers ::reduceSourceList

File

tests/src/Unit/CspOptimizationTest.php, line 245

Class

CspOptimizationTest
Test optimization of CSP directives.

Namespace

Drupal\Tests\csp\Unit

Code

public function testReduceSourceListWithHttp() {
  // Checks which script-src entries survive in the header value once the
  // bare 'http:' scheme-source is present. This list is a test fixture, not
  // a policy to deploy: 'http:' together with 'unsafe-inline' leaves
  // script-src almost unrestricted.
  $sources = [
    'http:',
    // Scheme-less host: expected to stay in the header.
    'example.com',
    // Explicit http:// and https:// hosts: both are expected to be dropped.
    // In CSP source matching an 'http:' scheme-source also matches https:
    // URLs, so these entries add nothing.
    'http://example.org',
    'https://example.net',
    // A different network scheme: expected to stay.
    'ftp:',
    // A non-network scheme: expected to stay.
    'data:',
    // Keyword-style sources: expected to stay. The hash and nonce strings are
    // opaque placeholders; a real hash-source is written 'sha256-…',
    // 'sha384-…' or 'sha512-…'.
    Csp::POLICY_UNSAFE_INLINE,
    "'hash-123abc'",
    "'nonce-abc123'",
  ];
  $expected = "script-src http: example.com ftp: data: 'unsafe-inline' 'hash-123abc' 'nonce-abc123'";

  $policy = new Csp();
  $policy->setDirective('script-src', $sources);

  $this->assertEquals($expected, $policy->getHeaderValue());
}