| 40 | } |
| 41 | |
| 42 | func Test_CustomValues_AllHeaders(t *testing.T) { |
| 43 | app := fiber.New() |
| 44 | |
| 45 | app.Use(New(Config{ |
| 46 | // Custom values for all headers |
| 47 | XSSProtection: "0", |
| 48 | ContentTypeNosniff: "custom-nosniff", |
| 49 | XFrameOptions: "DENY", |
| 50 | HSTSExcludeSubdomains: true, |
| 51 | ContentSecurityPolicy: "default-src 'none'", |
| 52 | CSPReportOnly: true, |
| 53 | ReferrerPolicy: "origin", |
| 54 | PermissionPolicy: "geolocation=(self)", |
| 55 | CrossOriginEmbedderPolicy: "custom-value", |
| 56 | CrossOriginOpenerPolicy: "custom-value", |
| 57 | CrossOriginResourcePolicy: "custom-value", |
| 58 | OriginAgentCluster: "custom-value", |
| 59 | XDNSPrefetchControl: "custom-control", |
| 60 | XDownloadOptions: "custom-options", |
| 61 | XPermittedCrossDomain: "custom-policies", |
| 62 | })) |
| 63 | |
| 64 | app.Get("/", func(c fiber.Ctx) error { |
| 65 | return c.SendString("Hello, World!") |
| 66 | }) |
| 67 | |
| 68 | resp, err := app.Test(httptest.NewRequest(fiber.MethodGet, "/", http.NoBody)) |
| 69 | require.NoError(t, err) |
| 70 | // Assertions for custom header values |
| 71 | require.Equal(t, "0", resp.Header.Get(fiber.HeaderXXSSProtection)) |
| 72 | require.Equal(t, "custom-nosniff", resp.Header.Get(fiber.HeaderXContentTypeOptions)) |
| 73 | require.Equal(t, "DENY", resp.Header.Get(fiber.HeaderXFrameOptions)) |
| 74 | require.Equal(t, "default-src 'none'", resp.Header.Get(fiber.HeaderContentSecurityPolicyReportOnly)) |
| 75 | require.Equal(t, "origin", resp.Header.Get(fiber.HeaderReferrerPolicy)) |
| 76 | require.Equal(t, "geolocation=(self)", resp.Header.Get(fiber.HeaderPermissionsPolicy)) |
| 77 | require.Equal(t, "custom-value", resp.Header.Get("Cross-Origin-Embedder-Policy")) |
| 78 | require.Equal(t, "custom-value", resp.Header.Get("Cross-Origin-Opener-Policy")) |
| 79 | require.Equal(t, "custom-value", resp.Header.Get("Cross-Origin-Resource-Policy")) |
| 80 | require.Equal(t, "custom-value", resp.Header.Get("Origin-Agent-Cluster")) |
| 81 | require.Equal(t, "custom-control", resp.Header.Get("X-DNS-Prefetch-Control")) |
| 82 | require.Equal(t, "custom-options", resp.Header.Get("X-Download-Options")) |
| 83 | require.Equal(t, "custom-policies", resp.Header.Get("X-Permitted-Cross-Domain-Policies")) |
| 84 | } |
| 85 | |
| 86 | func Test_RealWorldValues_AllHeaders(t *testing.T) { |
| 87 | app := fiber.New() |