public function ResponseCspSubscriberTest::testBothPolicies in Content-Security-Policy 8
Check the generated headers with both policies enabled.
@covers ::onKernelResponse
File
- tests/
src/ Unit/ EventSubscriber/ ResponseCspSubscriberTest.php, line 362
Class
- ResponseCspSubscriberTest
- @coversDefaultClass \Drupal\csp\EventSubscriber\ResponseCspSubscriber @group csp
Namespace
Drupal\Tests\csp\Unit\EventSubscriberCode
public function testBothPolicies() {
/** @var \Drupal\Core\Config\ConfigFactoryInterface|\PHPUnit_Framework_MockObject_MockObject $configFactory */
$configFactory = $this
->getConfigFactoryStub([
'system.performance' => [
'css.preprocess' => TRUE,
],
'csp.settings' => [
'report-only' => [
'enable' => TRUE,
'directives' => [
'script-src' => [
'base' => 'any',
'flags' => [
'unsafe-inline',
],
],
'style-src' => [
'base' => 'any',
'flags' => [
'unsafe-inline',
],
],
],
],
'enforce' => [
'enable' => TRUE,
'directives' => [
'script-src' => [
'base' => 'self',
],
'style-src' => [
'base' => 'self',
],
],
],
],
]);
$this->libraryPolicy
->expects($this
->any())
->method('getSources')
->willReturn([]);
$subscriber = new ResponseCspSubscriber($configFactory, $this->libraryPolicy, $this->reportingHandlerPluginManager, $this->eventDispatcher);
$this->response->headers
->expects($this
->exactly(2))
->method('set')
->withConsecutive([
$this
->equalTo('Content-Security-Policy-Report-Only'),
$this
->equalTo("script-src * 'unsafe-inline'; style-src * 'unsafe-inline'"),
], [
$this
->equalTo('Content-Security-Policy'),
$this
->equalTo("script-src 'self'; style-src 'self'"),
]);
$subscriber
->onKernelResponse($this->event);
}