public function ResponseCspSubscriberTest::testWithLibraryDirective in Content-Security-Policy 8
Test that library sources are included.
@covers ::onKernelResponse
File
- tests/
src/ Unit/ EventSubscriber/ ResponseCspSubscriberTest.php, line 428
Class
- ResponseCspSubscriberTest
- @coversDefaultClass \Drupal\csp\EventSubscriber\ResponseCspSubscriber @group csp
Namespace
Drupal\Tests\csp\Unit\EventSubscriberCode
public function testWithLibraryDirective() {
/** @var \Drupal\Core\Config\ConfigFactoryInterface|\PHPUnit_Framework_MockObject_MockObject $configFactory */
$configFactory = $this
->getConfigFactoryStub([
'system.performance' => [
'css.preprocess' => TRUE,
],
'csp.settings' => [
'report-only' => [
'enable' => TRUE,
'directives' => [
'script-src' => [
'base' => 'any',
'flags' => [
'unsafe-inline',
],
],
'style-src' => [
'base' => 'self',
'flags' => [
'unsafe-inline',
],
],
'style-src-elem' => [
'base' => 'self',
],
],
],
],
]);
$this->libraryPolicy
->expects($this
->any())
->method('getSources')
->willReturn([
'style-src' => [
'example.com',
],
'style-src-elem' => [
'example.com',
],
]);
$subscriber = new ResponseCspSubscriber($configFactory, $this->libraryPolicy, $this->reportingHandlerPluginManager, $this->eventDispatcher);
$this->response->headers
->expects($this
->once())
->method('set')
->with($this
->equalTo('Content-Security-Policy-Report-Only'), $this
->equalTo("script-src * 'unsafe-inline'; style-src 'self' 'unsafe-inline' example.com; style-src-elem 'self' example.com"));
$subscriber
->onKernelResponse($this->event);
}