author | Yuji Yaginuma <yuuji.yaginuma@gmail.com> | 2018-09-20 08:31:08 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-20 08:31:08 +0900 |
commit | 12c2dab41b86331c155c72a9c003826ea487a079 (patch) | |
tree | 4e0870888e291a81e3e2ef244a3eb213ff393351 /actionpack/test/dispatch | |
parent | e0d3313bac6bd2fbf10df27d79d72157f63ae6ba (diff) | |
parent | 0c85def8bae901631810e002f1cf7b61750b3a17 (diff) | |
download | rails-12c2dab41b86331c155c72a9c003826ea487a079.tar.gz rails-12c2dab41b86331c155c72a9c003826ea487a079.tar.bz2 rails-12c2dab41b86331c155c72a9c003826ea487a079.zip |
Merge pull request #32932 from y-yagi/fixes_32920
Add CSP nonce to `style-src` directive
Diffstat (limited to 'actionpack/test/dispatch')
-rw-r--r-- | actionpack/test/dispatch/content_security_policy_test.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb
index 4f9a4ff2bd..13ad22b5c5 100644
--- a/actionpack/test/dispatch/content_security_policy_test.rb
+++ b/actionpack/test/dispatch/content_security_policy_test.rb
@@ -339,6 +339,11 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
 p.script_src :self
 end
+ content_security_policy only: :style_src do |p|
+ p.default_src false
+ p.style_src :self
+ end
+
 content_security_policy(false, only: :no_policy)
 content_security_policy_report_only only: :report_only
@@ -363,6 +368,10 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
 head :ok
 end
+ def style_src
+ head :ok
+ end
+
 def no_policy
 head :ok
 end
@@ -381,6 +390,7 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
 get "/conditional", to: "policy#conditional"
 get "/report-only", to: "policy#report_only"
 get "/script-src", to: "policy#script_src"
+ get "/style-src", to: "policy#style_src"
 get "/no-policy", to: "policy#no_policy"
 end
 end
@@ -441,6 +451,11 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
 assert_policy "script-src 'self' 'nonce-iyhD0Yc0W+c='"
 end
+ def test_adds_nonce_to_style_src_content_security_policy
+ get "/style-src"
+ assert_policy "style-src 'self' 'nonce-iyhD0Yc0W+c='"
+ end
+
 def test_generates_no_content_security_policy
 get "/no-policy" |
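Review bot: The new `test_adds_nonce_to_style_src_content_security_policy` only pins the `p.style_src :self` fixture from the first hunk, so nothing here covers a policy whose `style-src` already lists `'unsafe-inline'`. Browsers that honour nonces ignore `'unsafe-inline'` in a directive once a nonce is present, so an automatically appended nonce can turn inline styles that were previously allowed into violations for existing applications. The implementation is not on this page (the diffstat is limited to actionpack/test/dispatch), so whether it handles that case cannot be checked from here. A companion fixture would document the intended header either way, for example (constructed action name) `content_security_policy only: :style_src_unsafe_inline do |p|` with `p.style_src :self, :unsafe_inline`, plus a matching `assert_policy` test.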