public function CoreCspSubscriberTest::testCkeditorScriptAttrFallback in Content-Security-Policy 8
Test script-src-attr fallback if script-src enabled.
@covers ::onCspPolicyAlter
File
- tests/
src/ Unit/ EventSubscriber/ CoreCspSubscriberTest.php, line 167
Class
- CoreCspSubscriberTest
- @coversDefaultClass \Drupal\csp\EventSubscriber\CoreCspSubscriber @group csp
Namespace
Drupal\Tests\csp\Unit\EventSubscriberCode
public function testCkeditorScriptAttrFallback() {
$policy = new Csp();
$policy
->setDirective('default-src', [
Csp::POLICY_ANY,
]);
$policy
->setDirective('script-src', [
Csp::POLICY_SELF,
]);
$this->response
->method('getAttachments')
->willReturn([
'library' => [
'core/ckeditor',
],
]);
$alterEvent = new PolicyAlterEvent($policy, $this->response);
$this->coreCspSubscriber
->onCspPolicyAlter($alterEvent);
$this
->assertEquals([
Csp::POLICY_SELF,
Csp::POLICY_UNSAFE_INLINE,
], $alterEvent
->getPolicy()
->getDirective('script-src'));
$this
->assertEquals([
Csp::POLICY_SELF,
Csp::POLICY_UNSAFE_INLINE,
], array_unique($alterEvent
->getPolicy()
->getDirective('script-src-attr')));
$this
->assertEquals([
Csp::POLICY_SELF,
], $alterEvent
->getPolicy()
->getDirective('script-src-elem'));
}