You are here

public function ResponseCspSubscriberTest::testEnforcedResponse in Content-Security-Policy 8

Check the policy with enforcement enabled.

@covers ::onKernelResponse

File

tests/src/Unit/EventSubscriber/ResponseCspSubscriberTest.php, line 313

Class

ResponseCspSubscriberTest
@coversDefaultClass \Drupal\csp\EventSubscriber\ResponseCspSubscriber @group csp

Namespace

Drupal\Tests\csp\Unit\EventSubscriber

Code

public function testEnforcedResponse() {

  /** @var \Drupal\Core\Config\ConfigFactoryInterface|\PHPUnit_Framework_MockObject_MockObject $configFactory */
  $configFactory = $this
    ->getConfigFactoryStub([
    'system.performance' => [
      'css.preprocess' => TRUE,
    ],
    'csp.settings' => [
      'enforce' => [
        'enable' => TRUE,
        'directives' => [
          'script-src' => [
            'base' => 'self',
            'flags' => [
              'unsafe-inline',
            ],
          ],
          'style-src' => [
            'base' => 'self',
          ],
        ],
      ],
      'report-only' => [
        'enable' => FALSE,
      ],
    ],
  ]);
  $this->libraryPolicy
    ->expects($this
    ->any())
    ->method('getSources')
    ->willReturn([]);
  $subscriber = new ResponseCspSubscriber($configFactory, $this->libraryPolicy, $this->reportingHandlerPluginManager, $this->eventDispatcher);
  $this->response->headers
    ->expects($this
    ->once())
    ->method('set')
    ->with($this
    ->equalTo('Content-Security-Policy'), $this
    ->equalTo("script-src 'self' 'unsafe-inline'; style-src 'self'"));
  $subscriber
    ->onKernelResponse($this->event);
}