
public function CspTest::testFallbackAwareAppendIfEnabled in Content-Security-Policy 8

Tests appending to a directive only if it, or one of its fallback directives, is enabled.

@covers ::fallbackAwareAppendIfEnabled

File

tests/src/Unit/CspTest.php, line 267

Class

CspTest
Test manipulating directives in a policy.

Namespace

Drupal\Tests\csp\Unit

Code

/**
 * Tests appending to a directive only when it or a fallback is enabled.
 *
 * All cases append 'unsafe-inline' to script-src-attr and then check
 * script-src-attr, script-src and default-src. Once a more specific
 * directive is present in a policy, browsers no longer consult its
 * fallback, so the expected behaviour is that a newly created directive
 * starts from the fallback's sources instead of replacing them with the
 * appended keyword alone.
 *
 * @covers ::fallbackAwareAppendIfEnabled
 */
public function testFallbackAwareAppendIfEnabled() {
  $directive = 'script-src-attr';
  $keyword = Csp::POLICY_UNSAFE_INLINE;

  // Case 1: only an unrelated directive (style-src) is set. Neither the
  // target nor its fallbacks may be created as a side effect of the call.
  $csp = new Csp();
  $csp->setDirective('style-src', Csp::POLICY_SELF);
  $csp->fallbackAwareAppendIfEnabled($directive, $keyword);
  foreach (['default-src', 'script-src', 'script-src-attr'] as $name) {
    $this->assertFalse($csp->hasDirective($name));
  }

  // Case 2: only default-src is set. The target is created from the
  // default-src value plus the keyword; default-src itself is untouched and
  // the intermediate script-src is not created.
  $csp = new Csp();
  $csp->setDirective('default-src', Csp::POLICY_SELF);
  $csp->fallbackAwareAppendIfEnabled($directive, $keyword);
  $this->assertEquals([Csp::POLICY_SELF], $csp->getDirective('default-src'));
  $this->assertFalse($csp->hasDirective('script-src'));
  $this->assertEquals(
    [Csp::POLICY_SELF, Csp::POLICY_UNSAFE_INLINE],
    $csp->getDirective('script-src-attr')
  );

  // Case 3: only script-src is set. The target is created from the
  // script-src value plus the keyword; default-src stays absent.
  $csp = new Csp();
  $csp->setDirective('script-src', Csp::POLICY_SELF);
  $csp->fallbackAwareAppendIfEnabled($directive, $keyword);
  $this->assertFalse($csp->hasDirective('default-src'));
  $this->assertEquals([Csp::POLICY_SELF], $csp->getDirective('script-src'));
  $this->assertEquals(
    [Csp::POLICY_SELF, Csp::POLICY_UNSAFE_INLINE],
    $csp->getDirective('script-src-attr')
  );

  // Case 4: the target is already set (to an empty list) alongside
  // script-src. The keyword is appended to the target's own value and
  // nothing is copied over from script-src.
  $csp = new Csp();
  $csp->setDirective('script-src', Csp::POLICY_SELF);
  $csp->setDirective('script-src-attr', []);
  $csp->fallbackAwareAppendIfEnabled($directive, $keyword);
  $this->assertFalse($csp->hasDirective('default-src'));
  $this->assertEquals([Csp::POLICY_SELF], $csp->getDirective('script-src'));
  $this->assertEquals(
    [Csp::POLICY_UNSAFE_INLINE],
    $csp->getDirective('script-src-attr')
  );
}