public function SecKitTestCaseTest::testCspHasAllDirectives in Security Kit 2.x
Same name and namespace in other branches
- 8 tests/src/Functional/SecKitTestCaseTest.php \Drupal\Tests\seckit\Functional\SecKitTestCaseTest::testCspHasAllDirectives()
Tests Content Security Policy with all enabled directives.
File
- tests/src/Functional/SecKitTestCaseTest.php, line 84
Class
- SecKitTestCaseTest
- Functional tests for Security Kit.
Namespace
Drupal\Tests\seckit\Functional
Code
/**
 * Tests Content Security Policy with all enabled directives.
 *
 * Submits the Security Kit settings form with every CSP directive filled in,
 * then checks that the response carries the same assembled policy string in
 * the standard header and in both vendor-prefixed headers.
 *
 * The '*' source value is a fixture that makes the expected string easy to
 * build; it places effectively no restriction on where content may load from
 * and is not a policy to copy into a real site configuration.
 */
public function testCspHasAllDirectives() {
  // Source-list directives, in the order the expected header lists them.
  $source_directives = [
    'default-src',
    'script-src',
    'object-src',
    'style-src',
    'img-src',
    'media-src',
    'frame-src',
    'frame-ancestors',
    'child-src',
    'font-src',
    'connect-src',
  ];

  // Enable CSP and both vendor-prefix checkboxes; presumably these toggle the
  // X-Content-Security-Policy and X-WebKit-CSP headers asserted below.
  $form = [
    'seckit_xss[csp][checkbox]' => TRUE,
    'seckit_xss[csp][vendor-prefix][x]' => TRUE,
    'seckit_xss[csp][vendor-prefix][webkit]' => TRUE,
  ];
  foreach ($source_directives as $directive) {
    $form['seckit_xss[csp][' . $directive . ']'] = '*';
  }
  $form['seckit_xss[csp][report-uri]'] = $this->reportPath;
  $form['seckit_xss[csp][upgrade-req]'] = TRUE;

  $this->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));

  // Build the policy string: each source directive with '*', then the
  // report-uri (prefixed with the site base path) and the upgrade directive.
  $policy_parts = [];
  foreach ($source_directives as $directive) {
    $policy_parts[] = $directive . ' *';
  }
  $expected = implode('; ', $policy_parts)
    . '; report-uri ' . base_path() . $this->reportPath
    . '; upgrade-insecure-requests';

  // The same policy must appear under the standard header name and under
  // both legacy vendor-prefixed names.
  $header_names = [
    'Content-Security-Policy',
    'X-Content-Security-Policy',
    'X-WebKit-CSP',
  ];
  foreach ($header_names as $header_name) {
    $this->assertSession()->responseHeaderEquals($header_name, $expected);
  }
}