public function SecKitTestCase::testCSPVendorPrefixWebkitAllDirectivesEmpty in Security Kit 7
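Tests Content Security Policy with only the WebKit vendor-prefixed header (X-WebKit-CSP) enabled and every directive left empty.
The enabled headers (Content-Security-Policy and X-WebKit-CSP) should contain the default policy, and the disabled X-Content-Security-Policy header should be absent.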
File
- ./
seckit.test, line 281 - Tests for Security Kit module.
Class
- SecKitTestCase
- Functional tests for Security Kit.
Code
/**
 * Tests CSP with only the WebKit vendor-prefixed header enabled.
 *
 * Every directive field is submitted empty. The test pins the fallback
 * behaviour: both enabled headers must still carry a restrictive default
 * policy (default-src 'self' plus the module's report-uri) rather than an
 * empty or missing policy, and the disabled vendor-prefixed header must not
 * be sent at all.
 */
public function testCSPVendorPrefixWebkitAllDirectivesEmpty() {
  // CSP switched on; only the WebKit vendor prefix is enabled.
  $toggles = array(
    'seckit_xss[csp][checkbox]' => TRUE,
    'seckit_xss[csp][vendor-prefix][x]' => FALSE,
    'seckit_xss[csp][vendor-prefix][webkit]' => TRUE,
  );
  // All directive fields are left blank so the defaults have to apply.
  $blank_directives = array(
    'seckit_xss[csp][default-src]' => '',
    'seckit_xss[csp][script-src]' => '',
    'seckit_xss[csp][object-src]' => '',
    'seckit_xss[csp][img-src]' => '',
    'seckit_xss[csp][media-src]' => '',
    'seckit_xss[csp][style-src]' => '',
    'seckit_xss[csp][frame-src]' => '',
    'seckit_xss[csp][frame-ancestors]' => '',
    'seckit_xss[csp][child-src]' => '',
    'seckit_xss[csp][font-src]' => '',
    'seckit_xss[csp][connect-src]' => '',
    'seckit_xss[csp][report-uri]' => '',
    'seckit_xss[csp][policy-uri]' => '',
  );
  // The key sets are disjoint, so the union keeps the toggles first and the
  // directives after them, in the order listed above.
  $edit = $toggles + $blank_directives;
  $this->drupalPost('admin/config/system/seckit', $edit, t('Save configuration'));

  // Policy expected when nothing is configured: same-origin default plus the
  // report endpoint resolved under the site's base path.
  $default_policy = "default-src 'self'; report-uri " . base_path() . SECKIT_CSP_REPORT_URL;

  // The standard header carries the default policy.
  $standard_header = $this->drupalGetHeader('Content-Security-Policy');
  $this->assertEqual($default_policy, $standard_header, t('Content-Security-Policy has default directive.'));

  // The disabled vendor prefix must not produce a header; assertFalse passes
  // only when the header lookup yields a falsy value.
  $x_prefixed_header = $this->drupalGetHeader('X-Content-Security-Policy');
  $this->assertFalse($x_prefixed_header, t('Vendor prefixed X-Content-Security-Policy header is disabled.'));

  // The enabled WebKit-prefixed header mirrors the standard policy.
  // NOTE(review): the assertion message below spells "directve"; it is
  // reproduced unchanged here.
  $webkit_header = $this->drupalGetHeader('X-WebKit-CSP');
  $this->assertEqual($default_policy, $webkit_header, t('X-WebKit-CSP has default directve.'));
}