aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/content_security_policy_test.rb
diff options
context:
space:
mode:
authoryuuji.yaginuma <yuuji.yaginuma@gmail.com>2019-07-18 09:31:51 +0900
committeryuuji.yaginuma <yuuji.yaginuma@gmail.com>2019-07-18 10:00:54 +0900
commitefae4c268bbecbfbf8020c3302183ce0887f083a (patch)
tree6d9ab6828d90188287fc815c84bdafd3deef4176 /actionpack/test/dispatch/content_security_policy_test.rb
parentc5a24c8ebba543687c11f893584618a20316fe34 (diff)
downloadrails-efae4c268bbecbfbf8020c3302183ce0887f083a.tar.gz
rails-efae4c268bbecbfbf8020c3302183ce0887f083a.tar.bz2
rails-efae4c268bbecbfbf8020c3302183ce0887f083a.zip
Add support for script-src-attr / elem and style-src-attr / elem directives
These directives can be used in Chrome 75. Ref: https://www.chromestatus.com/feature/5141352765456384
Diffstat (limited to 'actionpack/test/dispatch/content_security_policy_test.rb')
-rw-r--r--actionpack/test/dispatch/content_security_policy_test.rb24
1 files changed, 24 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb
index a4634626bb..3d60dc1661 100644
--- a/actionpack/test/dispatch/content_security_policy_test.rb
+++ b/actionpack/test/dispatch/content_security_policy_test.rb
@@ -128,12 +128,36 @@ class ContentSecurityPolicyTest < ActiveSupport::TestCase
@policy.script_src false
assert_no_match %r{script-src}, @policy.build
+ @policy.script_src_attr :self
+ assert_match %r{script-src-attr 'self'}, @policy.build
+
+ @policy.script_src_attr false
+ assert_no_match %r{script-src-attr}, @policy.build
+
+ @policy.script_src_elem :self
+ assert_match %r{script-src-elem 'self'}, @policy.build
+
+ @policy.script_src_elem false
+ assert_no_match %r{script-src-elem}, @policy.build
+
@policy.style_src :self
assert_match %r{style-src 'self'}, @policy.build
@policy.style_src false
assert_no_match %r{style-src}, @policy.build
+ @policy.style_src_attr :self
+ assert_match %r{style-src-attr 'self'}, @policy.build
+
+ @policy.style_src_attr false
+ assert_no_match %r{style-src-attr}, @policy.build
+
+ @policy.style_src_elem :self
+ assert_match %r{style-src-elem 'self'}, @policy.build
+
+ @policy.style_src_elem false
+ assert_no_match %r{style-src-elem}, @policy.build
+
@policy.worker_src :self
assert_match %r{worker-src 'self'}, @policy.build