(t *testing.T)
| 99 | } |
| 100 | |
| 101 | func TestSecureWithConfig_HSTSPreloadEnabled(t *testing.T) { |
| 102 | // Custom with CSPReportOnly flag |
| 103 | e := echo.New() |
| 104 | h := func(c *echo.Context) error { |
| 105 | return c.String(http.StatusOK, "test") |
| 106 | } |
| 107 | |
| 108 | req := httptest.NewRequest(http.MethodGet, "/", nil) |
| 109 | // Custom, with preload option enabled |
| 110 | req.Header.Set(echo.HeaderXForwardedProto, "https") |
| 111 | rec := httptest.NewRecorder() |
| 112 | c := e.NewContext(req, rec) |
| 113 | |
| 114 | err := SecureWithConfig(SecureConfig{ |
| 115 | HSTSMaxAge: 3600, |
| 116 | HSTSPreloadEnabled: true, |
| 117 | })(h)(c) |
| 118 | assert.NoError(t, err) |
| 119 | |
| 120 | assert.Equal(t, "max-age=3600; includeSubdomains; preload", rec.Header().Get(echo.HeaderStrictTransportSecurity)) |
| 121 | |
| 122 | } |
| 123 | |
| 124 | func TestSecureWithConfig_HSTSExcludeSubdomains(t *testing.T) { |
| 125 | // Custom with CSPReportOnly flag |
nothing calls this directly
no test coverage detected
searching dependent graphs…