(t *testing.T)
| 67 | } |
| 68 | |
| 69 | func TestSecureWithConfig_CSPReportOnly(t *testing.T) { |
| 70 | // Custom with CSPReportOnly flag |
| 71 | e := echo.New() |
| 72 | h := func(c *echo.Context) error { |
| 73 | return c.String(http.StatusOK, "test") |
| 74 | } |
| 75 | |
| 76 | req := httptest.NewRequest(http.MethodGet, "/", nil) |
| 77 | req.Header.Set(echo.HeaderXForwardedProto, "https") |
| 78 | rec := httptest.NewRecorder() |
| 79 | c := e.NewContext(req, rec) |
| 80 | |
| 81 | err := SecureWithConfig(SecureConfig{ |
| 82 | XSSProtection: "", |
| 83 | ContentTypeNosniff: "", |
| 84 | XFrameOptions: "", |
| 85 | HSTSMaxAge: 3600, |
| 86 | ContentSecurityPolicy: "default-src 'self'", |
| 87 | CSPReportOnly: true, |
| 88 | ReferrerPolicy: "origin", |
| 89 | })(h)(c) |
| 90 | assert.NoError(t, err) |
| 91 | |
| 92 | assert.Equal(t, "", rec.Header().Get(echo.HeaderXXSSProtection)) |
| 93 | assert.Equal(t, "", rec.Header().Get(echo.HeaderXContentTypeOptions)) |
| 94 | assert.Equal(t, "", rec.Header().Get(echo.HeaderXFrameOptions)) |
| 95 | assert.Equal(t, "max-age=3600; includeSubdomains", rec.Header().Get(echo.HeaderStrictTransportSecurity)) |
| 96 | assert.Equal(t, "default-src 'self'", rec.Header().Get(echo.HeaderContentSecurityPolicyReportOnly)) |
| 97 | assert.Equal(t, "", rec.Header().Get(echo.HeaderContentSecurityPolicy)) |
| 98 | assert.Equal(t, "origin", rec.Header().Get(echo.HeaderReferrerPolicy)) |
| 99 | } |
| 100 | |
| 101 | func TestSecureWithConfig_HSTSPreloadEnabled(t *testing.T) { |
| 102 | // Custom with CSPReportOnly flag |
nothing calls this directly
no test coverage detected
searching dependent graphs…