(t *testing.T)
| 70 | } |
| 71 | |
| 72 | func TestCSP(t *testing.T) { |
| 73 | t.Parallel() |
| 74 | |
| 75 | proxyHosts := []*proxyhealth.ProxyHost{ |
| 76 | { |
| 77 | Host: "test.com", |
| 78 | AppHost: "*.test.com", |
| 79 | }, |
| 80 | { |
| 81 | Host: "coder.com", |
| 82 | AppHost: "*.coder.com", |
| 83 | }, |
| 84 | { |
| 85 | // Host is not added because it duplicates the host header. |
| 86 | Host: "example.com", |
| 87 | AppHost: "*.coder2.com", |
| 88 | }, |
| 89 | } |
| 90 | expectedMedia := []string{"media.com", "media2.com"} |
| 91 | |
| 92 | expected := []string{ |
| 93 | "frame-src 'self' *.test.com *.coder.com *.coder2.com", |
| 94 | "media-src 'self' " + strings.Join(expectedMedia, " "), |
| 95 | strings.Join([]string{ |
| 96 | "connect-src", "'self'", |
| 97 | // Added from host header. |
| 98 | "wss://example.com", "ws://example.com", |
| 99 | // Added via proxy hosts. |
| 100 | "wss://test.com", "ws://test.com", "https://test.com", "http://test.com", |
| 101 | "wss://coder.com", "ws://coder.com", "https://coder.com", "http://coder.com", |
| 102 | }, " "), |
| 103 | } |
| 104 | |
| 105 | // When the host is empty, it uses example.com. |
| 106 | r := httptest.NewRequest(http.MethodGet, "/", nil) |
| 107 | rw := httptest.NewRecorder() |
| 108 | |
| 109 | httpmw.CSPHeaders(false, func() []*proxyhealth.ProxyHost { |
| 110 | return proxyHosts |
| 111 | }, map[httpmw.CSPFetchDirective][]string{ |
| 112 | httpmw.CSPDirectiveMediaSrc: expectedMedia, |
| 113 | })(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { |
| 114 | rw.WriteHeader(http.StatusOK) |
| 115 | })).ServeHTTP(rw, r) |
| 116 | |
| 117 | require.NotEmpty(t, rw.Header().Get("Content-Security-Policy"), "Content-Security-Policy header should not be empty") |
| 118 | for _, e := range expected { |
| 119 | require.Contains(t, rw.Header().Get("Content-Security-Policy"), e) |
| 120 | } |
| 121 | } |
nothing calls this directly
no test coverage detected