public function CspOptimizationTest::testReduceSourceListWithWss in Content-Security-Policy 8

Test reducing the source list when 'wss:' is included.

@covers ::reduceSourceList

File

tests/src/Unit/CspOptimizationTest.php, line 341

Class

CspOptimizationTest: Test optimization of CSP directives.

Namespace

Drupal\Tests\csp\Unit

Code

public function testReduceSourceListWithWss() {
  $policy = new Csp();
  $policy
    ->setDirective('script-src', [
    'https:',
    'wss:',
    // Non-secure hosts should be kept.
    'example.com',
    'ws://connect.example.org',
    // Secure Hosts should be removed.
    'wss://connect.example.net',
    // Other network protocols should be kept.
    'ftp:',
    // Non-network protocols should be kept.
    'data:',
    // Additional keywords should be kept.
    Csp::POLICY_UNSAFE_INLINE,
    "'hash-123abc'",
    "'nonce-abc123'",
  ]);
  $this
    ->assertEquals("script-src https: wss: example.com ws://connect.example.org ftp: data: 'unsafe-inline' 'hash-123abc' 'nonce-abc123'", $policy
    ->getHeaderValue());
}

You are here

public function CspOptimizationTest::testReduceSourceListWithWss in Content-Security-Policy 8

File

Class

Namespace

Code

API Navigation