public function CspOptimizationTest::testReduceSourceListWithHttps in Content-Security-Policy 8

Test reducing the source list when 'https:' is included.

@covers ::reduceSourceList

File

tests/src/Unit/CspOptimizationTest.php, line 277

Class

CspOptimizationTest: Test optimization of CSP directives.

Namespace

Drupal\Tests\csp\Unit

Code

public function testReduceSourceListWithHttps() {
  $policy = new Csp();
  $policy
    ->setDirective('script-src', [
    'https:',
    // Non-secure hosts should be kept.
    'example.com',
    'http://example.org',
    // Secure Hosts should be removed.
    'https://example.net',
    // Other network protocols should be kept.
    'ftp:',
    // Non-network protocols should be kept.
    'data:',
    // Additional keywords should be kept.
    Csp::POLICY_UNSAFE_INLINE,
    "'hash-123abc'",
    "'nonce-abc123'",
  ]);
  $this
    ->assertEquals("script-src https: example.com http://example.org ftp: data: 'unsafe-inline' 'hash-123abc' 'nonce-abc123'", $policy
    ->getHeaderValue());
}

You are here

public function CspOptimizationTest::testReduceSourceListWithHttps in Content-Security-Policy 8

File

Class

Namespace

Code

API Navigation