MCPcopy
hub / github.com/gofiber/fiber / Test_RealWorldValues_AllHeaders

Function Test_RealWorldValues_AllHeaders

middleware/helmet/helmet_test.go:86–129  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

84}
85
86func Test_RealWorldValues_AllHeaders(t *testing.T) {
87 app := fiber.New()
88
89 app.Use(New(Config{
90 // Real-world values for all headers
91 XSSProtection: "0",
92 ContentTypeNosniff: "nosniff",
93 XFrameOptions: "SAMEORIGIN",
94 HSTSExcludeSubdomains: false,
95 ContentSecurityPolicy: "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests",
96 CSPReportOnly: false,
97 HSTSPreloadEnabled: true,
98 ReferrerPolicy: "no-referrer",
99 PermissionPolicy: "geolocation=(self)",
100 CrossOriginEmbedderPolicy: "require-corp",
101 CrossOriginOpenerPolicy: "same-origin",
102 CrossOriginResourcePolicy: "same-origin",
103 OriginAgentCluster: "?1",
104 XDNSPrefetchControl: "off",
105 XDownloadOptions: "noopen",
106 XPermittedCrossDomain: "none",
107 }))
108
109 app.Get("/", func(c fiber.Ctx) error {
110 return c.SendString("Hello, World!")
111 })
112
113 resp, err := app.Test(httptest.NewRequest(fiber.MethodGet, "/", http.NoBody))
114 require.NoError(t, err)
115 // Assertions for real-world header values
116 require.Equal(t, "0", resp.Header.Get(fiber.HeaderXXSSProtection))
117 require.Equal(t, "nosniff", resp.Header.Get(fiber.HeaderXContentTypeOptions))
118 require.Equal(t, "SAMEORIGIN", resp.Header.Get(fiber.HeaderXFrameOptions))
119 require.Equal(t, "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests", resp.Header.Get(fiber.HeaderContentSecurityPolicy))
120 require.Equal(t, "no-referrer", resp.Header.Get(fiber.HeaderReferrerPolicy))
121 require.Equal(t, "geolocation=(self)", resp.Header.Get(fiber.HeaderPermissionsPolicy))
122 require.Equal(t, "require-corp", resp.Header.Get("Cross-Origin-Embedder-Policy"))
123 require.Equal(t, "same-origin", resp.Header.Get("Cross-Origin-Opener-Policy"))
124 require.Equal(t, "same-origin", resp.Header.Get("Cross-Origin-Resource-Policy"))
125 require.Equal(t, "?1", resp.Header.Get("Origin-Agent-Cluster"))
126 require.Equal(t, "off", resp.Header.Get("X-DNS-Prefetch-Control"))
127 require.Equal(t, "noopen", resp.Header.Get("X-Download-Options"))
128 require.Equal(t, "none", resp.Header.Get("X-Permitted-Cross-Domain-Policies"))
129}
130
131func Test_Next(t *testing.T) {
132 app := fiber.New()

Callers

nothing calls this directly

Calls 6

TestMethod · 0.80
NewFunction · 0.70
NewMethod · 0.65
UseMethod · 0.65
GetMethod · 0.65
SendStringMethod · 0.65

Tested by

no test coverage detected