| 155 | } |
| 156 | |
| 157 | func Test_ContentSecurityPolicy(t *testing.T) { |
| 158 | app := fiber.New() |
| 159 | |
| 160 | app.Use(New(Config{ |
| 161 | ContentSecurityPolicy: "default-src 'none'", |
| 162 | })) |
| 163 | |
| 164 | app.Get("/", func(c fiber.Ctx) error { |
| 165 | return c.SendString("Hello, World!") |
| 166 | }) |
| 167 | |
| 168 | resp, err := app.Test(httptest.NewRequest(fiber.MethodGet, "/", http.NoBody)) |
| 169 | require.NoError(t, err) |
| 170 | require.Equal(t, "default-src 'none'", resp.Header.Get(fiber.HeaderContentSecurityPolicy)) |
| 171 | } |
| 172 | |
| 173 | func Test_ContentSecurityPolicyReportOnly(t *testing.T) { |
| 174 | app := fiber.New() |