public function CspOptimizationTest::testScriptSrcFallback in Content-Security-Policy 8

Test optimizing policy based on the script-src fallback list.

@covers ::getHeaderValue @covers ::getDirectiveFallbackList @covers ::reduceSourceList

File

tests/src/Unit/CspOptimizationTest.php, line 143

Class

CspOptimizationTest

Test optimization of CSP directives.

Namespace

Drupal\Tests\csp\Unit

Code

public function testScriptSrcFallback() {
  $policy = new Csp();
  $policy
    ->setDirective('default-src', Csp::POLICY_SELF);
  $policy
    ->setDirective('script-src', [
    Csp::POLICY_SELF,
    Csp::POLICY_UNSAFE_INLINE,
  ]);

  // script-src-elem should not fall back to default-src.
  $policy
    ->setDirective('script-src-elem', Csp::POLICY_SELF);
  $policy
    ->setDirective('script-src-attr', Csp::POLICY_UNSAFE_INLINE);
  $this
    ->assertEquals("default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-attr 'unsafe-inline'; script-src-elem 'self'", $policy
    ->getHeaderValue());
  $policy
    ->setDirective('script-src-attr', [
    Csp::POLICY_SELF,
    Csp::POLICY_UNSAFE_INLINE,
  ]);
  $this
    ->assertEquals("default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'", $policy
    ->getHeaderValue());
}