hub / github.com/labstack/echo / TestSecureWithConfig

Function TestSecureWithConfig

middleware/secure_test.go:36–67  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

34}
35
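// TestSecureWithConfig checks that a custom SecureConfig decides which
// security response headers the middleware writes. Fields set to the empty
// string must produce no header at all, while the HSTS, CSP and
// Referrer-Policy fields must appear with the configured values.
func TestSecureWithConfig(t *testing.T) {
	e := echo.New()
	h := func(c *echo.Context) error {
		return c.String(http.StatusOK, "test")
	}

	req := httptest.NewRequest(http.MethodGet, "/", nil)
	// httptest builds a plain-HTTP request; the forwarded-proto header marks it
	// as HTTPS behind a proxy. Presumably this is what allows the middleware to
	// emit Strict-Transport-Security below (confirm against the middleware).
	req.Header.Set(echo.HeaderXForwardedProto, "https")
	rec := httptest.NewRecorder()
	c := e.NewContext(req, rec)

	mw, err := SecureConfig{
		// Empty strings explicitly opt out of these three headers; the
		// assertions below pin that opt-out so it cannot change silently.
		XSSProtection:         "",
		ContentTypeNosniff:    "",
		XFrameOptions:         "",
		HSTSMaxAge:            3600,
		ContentSecurityPolicy: "default-src 'self'",
		ReferrerPolicy:        "origin",
	}.ToMiddleware()
	if !assert.NoError(t, err) {
		// Stop here: invoking mw after a failed construction would panic and
		// bury the real failure under a nil-function call.
		return
	}

	err = mw(h)(c)
	assert.NoError(t, err)

	hdr := rec.Header()

	// Headers disabled through empty config values must be absent.
	assert.Equal(t, "", hdr.Get(echo.HeaderXXSSProtection))
	assert.Equal(t, "", hdr.Get(echo.HeaderXContentTypeOptions))
	assert.Equal(t, "", hdr.Get(echo.HeaderXFrameOptions))

	// The config sets only HSTSMaxAge, yet the expected value carries
	// includeSubdomains, so that directive is emitted without being requested
	// here (looks like the middleware default; confirm).
	assert.Equal(t, "max-age=3600; includeSubdomains", hdr.Get(echo.HeaderStrictTransportSecurity))

	// The policy must be enforced, not merely reported: the enforcing header
	// carries the policy and the Report-Only variant stays unset.
	assert.Equal(t, "default-src 'self'", hdr.Get(echo.HeaderContentSecurityPolicy))
	assert.Equal(t, "", hdr.Get(echo.HeaderContentSecurityPolicyReportOnly))

	assert.Equal(t, "origin", hdr.Get(echo.HeaderReferrerPolicy))
}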
68
69func TestSecureWithConfig_CSPReportOnly(t *testing.T) {
70 // Custom with CSPReportOnly flag

Callers

nothing calls this directly

Calls 6

StringMethod · 0.95
SetMethod · 0.80
NewContextMethod · 0.80
ToMiddlewareMethod · 0.65
GetMethod · 0.45
HeaderMethod · 0.45

Tested by

no test coverage detected
