You are here

Home » API reference » Security Kit 7 » seckit.test » SecKitTestCase

public function SecKitTestCase::testCSPHasAllDirectives in Security Kit 7

Same name and namespace in other branches
  1. 6 seckit.test \SecKitTestCase::testCSPHasAllDirectives()

Tests Content Security Policy with all enabled directives.

File

./seckit.test, line 57
Tests for Security Kit module.

Class

SecKitTestCase
Functional tests for Security Kit.

Code

public function testCSPHasAllDirectives() {
  $form = array(
    'seckit_xss[csp][checkbox]' => TRUE,
    'seckit_xss[csp][vendor-prefix][x]' => TRUE,
    'seckit_xss[csp][vendor-prefix][webkit]' => TRUE,
    'seckit_xss[csp][default-src]' => '*',
    'seckit_xss[csp][script-src]' => '*',
    'seckit_xss[csp][object-src]' => '*',
    'seckit_xss[csp][style-src]' => '*',
    'seckit_xss[csp][img-src]' => '*',
    'seckit_xss[csp][media-src]' => '*',
    'seckit_xss[csp][frame-src]' => '*',
    'seckit_xss[csp][frame-ancestors]' => '*',
    'seckit_xss[csp][child-src]' => '*',
    'seckit_xss[csp][font-src]' => '*',
    'seckit_xss[csp][connect-src]' => '*',
    'seckit_xss[csp][report-uri]' => SECKIT_CSP_REPORT_URL,
    'seckit_xss[csp][upgrade-req]' => TRUE,
  );
  $this
    ->drupalPost('admin/config/system/seckit', $form, t('Save configuration'));
  $expected = 'default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; report-uri ' . base_path() . SECKIT_CSP_REPORT_URL . '; upgrade-insecure-requests';
  $this
    ->assertEqual($expected, $this
    ->drupalGetHeader('Content-Security-Policy'), t('Content-Security-Policy has all the directves.'));
  $this
    ->assertEqual($expected, $this
    ->drupalGetHeader('X-Content-Security-Policy'), t('X-Content-Security-Policy has all the directves.'));
  $this
    ->assertEqual($expected, $this
    ->drupalGetHeader('X-WebKit-CSP'), t('X-WebKit-CSP has all the directves.'));
}