You are here

public function CoreCspSubscriberTest::testCkeditorScript in Content-Security-Policy 8

Test that including ckeditor modifies enabled script directives.

@covers ::onCspPolicyAlter

File

tests/src/Unit/EventSubscriber/CoreCspSubscriberTest.php, line 130

Class

CoreCspSubscriberTest
@coversDefaultClass \Drupal\csp\EventSubscriber\CoreCspSubscriber @group csp

Namespace

Drupal\Tests\csp\Unit\EventSubscriber

Code

public function testCkeditorScript() {
  $policy = new Csp();
  $policy
    ->setDirective('default-src', [
    Csp::POLICY_ANY,
  ]);
  $policy
    ->setDirective('script-src', [
    Csp::POLICY_SELF,
  ]);
  $policy
    ->setDirective('script-src-attr', [
    Csp::POLICY_SELF,
  ]);
  $policy
    ->setDirective('script-src-elem', [
    Csp::POLICY_SELF,
  ]);
  $this->response
    ->method('getAttachments')
    ->willReturn([
    'library' => [
      'core/ckeditor',
    ],
  ]);
  $alterEvent = new PolicyAlterEvent($policy, $this->response);
  $this->coreCspSubscriber
    ->onCspPolicyAlter($alterEvent);
  $this
    ->assertEquals([
    Csp::POLICY_SELF,
    Csp::POLICY_UNSAFE_INLINE,
  ], $alterEvent
    ->getPolicy()
    ->getDirective('script-src'));
  $this
    ->assertEquals([
    Csp::POLICY_SELF,
    Csp::POLICY_UNSAFE_INLINE,
  ], $alterEvent
    ->getPolicy()
    ->getDirective('script-src-attr'));
  $this
    ->assertEquals([
    Csp::POLICY_SELF,
  ], $alterEvent
    ->getPolicy()
    ->getDirective('script-src-elem'));
}