hub / github.com/labstack/echo / TestSecureWithConfig_CSPReportOnly

Function TestSecureWithConfig_CSPReportOnly

middleware/secure_test.go:69–99  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

67}
68
// TestSecureWithConfig_CSPReportOnly checks the Secure middleware in CSP
// report-only mode: the configured policy must be delivered through the
// report-only header while the enforcing Content-Security-Policy header stays
// empty. The headers whose config values are blank must also be absent.
func TestSecureWithConfig_CSPReportOnly(t *testing.T) {
	cfg := SecureConfig{
		XSSProtection:         "",
		ContentTypeNosniff:    "",
		XFrameOptions:         "",
		HSTSMaxAge:            3600,
		ContentSecurityPolicy: "default-src 'self'",
		CSPReportOnly:         true,
		ReferrerPolicy:        "origin",
	}

	request := httptest.NewRequest(http.MethodGet, "/", nil)
	// NOTE(review): presumably this forwarded-proto header is what makes the
	// middleware treat the plain test request as HTTPS and emit HSTS; confirm
	// against the middleware implementation.
	request.Header.Set(echo.HeaderXForwardedProto, "https")
	recorder := httptest.NewRecorder()

	app := echo.New()
	ctx := app.NewContext(request, recorder)
	handler := func(c *echo.Context) error {
		return c.String(http.StatusOK, "test")
	}

	assert.NoError(t, SecureWithConfig(cfg)(handler)(ctx))

	// Expected response headers, checked in the same order as before. An empty
	// value means the header must not have been set.
	expected := []struct {
		header string
		value  string
	}{
		{echo.HeaderXXSSProtection, ""},
		{echo.HeaderXContentTypeOptions, ""},
		{echo.HeaderXFrameOptions, ""},
		{echo.HeaderStrictTransportSecurity, "max-age=3600; includeSubdomains"},
		{echo.HeaderContentSecurityPolicyReportOnly, "default-src 'self'"},
		// The enforcing header must stay unset when only reporting is requested.
		{echo.HeaderContentSecurityPolicy, ""},
		{echo.HeaderReferrerPolicy, "origin"},
	}
	for _, want := range expected {
		assert.Equal(t, want.value, recorder.Header().Get(want.header))
	}
}
100
101func TestSecureWithConfig_HSTSPreloadEnabled(t *testing.T) {
102 // Custom with CSPReportOnly flag

Callers

nothing calls this directly

Calls 6

StringMethod · 0.95
SecureWithConfigFunction · 0.85
SetMethod · 0.80
NewContextMethod · 0.80
GetMethod · 0.45
HeaderMethod · 0.45

Tested by

no test coverage detected
