authorAndrew White <pixeltrix@users.noreply.github.com>2018-02-22 15:32:23 +0000
committerGitHub <noreply@github.com>2018-02-22 15:32:23 +0000
commite20742f12b362676e8f69fe68c3193ad80a90172 (patch)
tree6e8a3c3b0206673cc7a27d67750af0f053acc96d /actionpack/test
parent1c36aa71bd352e3704f424991f77c780853b3ac4 (diff)
parent31abee0341cb9d19f0234da7b42dddbabfcd1d4a (diff)
Merge pull request #32018 from rails/add-nonce-support-to-csp
Add support for automatic nonce generation for Rails UJS
Diffstat (limited to 'actionpack/test')
-rw-r--r--actionpack/test/dispatch/content_security_policy_test.rb16
1 files changed, 16 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb
index 5184e4f960..b88f90190a 100644
--- a/actionpack/test/dispatch/content_security_policy_test.rb
+++ b/actionpack/test/dispatch/content_security_policy_test.rb
@@ -253,6 +253,11 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
p.report_uri "/violations"
end
+ content_security_policy only: :script_src do |p|
+ p.default_src false
+ p.script_src :self
+ end
+
content_security_policy_report_only only: :report_only
def index
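Review bot: `p.default_src false` on the second added line of this hunk reads like a no-op unless the reader knows the DSL, so it deserves a why-comment, e.g. `# clear default-src so this action emits only script-src`. The assertion added in the last hunk expects a header of `script-src 'self' 'nonce-...'` with no default-src segment, which is consistent with `false` removing the directive, but that should be confirmed against the policy DSL rather than assumed. The `content_security_policy` block this sits next to and the enclosing class both continue outside the hunk.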
@@ -271,6 +276,10 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
head :ok
end
+ def script_src
+ head :ok
+ end
+
private
def condition?
params[:condition] == "true"
@@ -284,6 +293,7 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
get "/inline", to: "policy#inline"
get "/conditional", to: "policy#conditional"
get "/report-only", to: "policy#report_only"
+ get "/script-src", to: "policy#script_src"
end
end
@@ -298,6 +308,7 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
def call(env)
env["action_dispatch.content_security_policy"] = POLICY
+ env["action_dispatch.content_security_policy_nonce_generator"] = proc { "iyhD0Yc0W+c=" }
env["action_dispatch.content_security_policy_report_only"] = false
env["action_dispatch.show_exceptions"] = false
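Review bot: The stub nonce literal `"iyhD0Yc0W+c="` on the added line is repeated verbatim in the assertion of `test_adds_nonce_to_script_src_content_security_policy` in the final hunk, so the two can drift apart silently; hoisting it to one frozen constant on the test class (for example `NONCE = "iyhD0Yc0W+c=".freeze`, a constructed name) and referencing it in both places keeps them in sync. A comment such as `# fixed nonce so the header assertion is deterministic; the real generator must produce an unpredictable per-request value` would make clear this constant is a test fixture and not an example of acceptable production output. The proc is declared with no parameters, so if the real generator is ever called with the request it relies on proc's lenient arity, which is worth noting. The `call` method continues outside the hunk.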
@@ -337,6 +348,11 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
assert_policy "default-src 'self'; report-uri /violations", report_only: true
end
+ def test_adds_nonce_to_script_src_content_security_policy
+ get "/script-src"
+ assert_policy "script-src 'self' 'nonce-iyhD0Yc0W+c='"
+ end
+
private
def env_config
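Review bot: The new test only exercises the configured-generator path, because the test middleware in the earlier hunk sets `action_dispatch.content_security_policy_nonce_generator` for every request; nothing in this file asserts what happens to `/script-src` when that env key is absent, i.e. that the header is still emitted as `script-src 'self'` without a nonce segment rather than raising. A companion test that omits the key (a second middleware or deleting it from the env before the call) and asserts `assert_policy "script-src 'self'"` would pin that down. The hunk header reports more new-side lines than are shown here, so some context (probably blank lines) is missing from this view, and the class continues past the hunk.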