author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2018-02-18 14:09:42 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-18 14:09:42 -0500 |
commit | 86f7c269073a3a9e6ddec9b957deaa2716f2627d (patch) | |
tree | ac555ff8f1dc19d0d3e13c5fd7832cde882e145a /actionpack/test/dispatch/content_security_policy_test.rb | |
parent | 5ece2e4a4459065b5efd976aebd209bbf0cab89b (diff) | |
parent | 53d863d4bbfe279e00433ef3672b040e2e6ef267 (diff) | |
Merge pull request #32045 from eagletmt/skip-csp-header
Skip generating empty CSP header when no policy is configured
Diffstat (limited to 'actionpack/test/dispatch/content_security_policy_test.rb')
-rw-r--r-- | actionpack/test/dispatch/content_security_policy_test.rb | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb index 7c4a65a633..cfec81eeae 100644 --- a/actionpack/test/dispatch/content_security_policy_test.rb +++ b/actionpack/test/dispatch/content_security_policy_test.rb @@ -8,7 +8,7 @@ class ContentSecurityPolicyTest < ActiveSupport::TestCase end def test_build - assert_equal ";", @policy.build + assert_nil @policy.build @policy.script_src :self assert_equal "script-src 'self';", @policy.build @@ -271,6 +271,10 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest head :ok end + def empty_policy + head :ok + end + private def condition? params[:condition] == "true" @@ -284,12 +288,14 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest get "/inline", to: "policy#inline" get "/conditional", to: "policy#conditional" get "/report-only", to: "policy#report_only" + get "/empty-policy", to: "policy#empty_policy" end end POLICY = ActionDispatch::ContentSecurityPolicy.new do |p| p.default_src :self end + EMPTY_POLICY = ActionDispatch::ContentSecurityPolicy.new class PolicyConfigMiddleware def initialize(app) @@ -297,7 +303,12 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest end def call(env) - env["action_dispatch.content_security_policy"] = POLICY + env["action_dispatch.content_security_policy"] = + if env["PATH_INFO"] == "/empty-policy" + EMPTY_POLICY + else + POLICY + end env["action_dispatch.content_security_policy_report_only"] = false env["action_dispatch.show_exceptions"] = false 
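Review bot: In `test_build`, `assert_nil @policy.build` pins a change of return type for a policy without directives, from the string `";"` to `nil`, and the hunk gives no reason for it. The implementation is not on this page (the diffstat is limited to the test file), so it is worth checking that every caller which writes the result into a response header tolerates `nil`. A comment above the assertion would record the contract: `# no directives: build returns nil so that no CSP header is emitted`. `test_build` continues past the end of the hunk.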
@@ -337,6 +348,13 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest assert_policy "default-src 'self'; report-uri /violations;", report_only: true end + def test_empty_policy + get "/empty-policy" + assert_response :success + assert_not response.headers.key?("Content-Security-Policy") + assert_not response.headers.key?("Content-Security-Policy-Report-Only") + end + private def env_config |
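Review bot: `test_empty_policy` covers only the enforcing mode, so its assertion on `Content-Security-Policy-Report-Only` would pass even if the empty-policy check were missing on the report-only path. `PolicyConfigMiddleware#call` in the previous hunk sets `action_dispatch.content_security_policy_report_only` to `false` for every request, and no override for the `empty_policy` action is visible. A sibling test that serves `EMPTY_POLICY` with report-only enabled and makes the same two `assert_not response.headers.key?(...)` checks would close that gap. The test also uses a policy object with no directives rather than an unset policy, which is the case the commit title describes; whether the unset case is tested elsewhere cannot be seen from this hunk. Until both are covered, a comment on the test would mark the limit: `# enforcing mode only; report-only and nil-policy cases are not exercised here`.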