diff options
author | Andrew White <pixeltrix@users.noreply.github.com> | 2018-02-22 15:32:23 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-22 15:32:23 +0000 |
commit | e20742f12b362676e8f69fe68c3193ad80a90172 (patch) | |
tree | 6e8a3c3b0206673cc7a27d67750af0f053acc96d /actionpack/test | |
parent | 1c36aa71bd352e3704f424991f77c780853b3ac4 (diff) | |
parent | 31abee0341cb9d19f0234da7b42dddbabfcd1d4a (diff) | |
download | rails-e20742f12b362676e8f69fe68c3193ad80a90172.tar.gz rails-e20742f12b362676e8f69fe68c3193ad80a90172.tar.bz2 rails-e20742f12b362676e8f69fe68c3193ad80a90172.zip |
Merge pull request #32018 from rails/add-nonce-support-to-csp
Add support for automatic nonce generation for Rails UJS
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/dispatch/content_security_policy_test.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb index 5184e4f960..b88f90190a 100644 --- a/actionpack/test/dispatch/content_security_policy_test.rb +++ b/actionpack/test/dispatch/content_security_policy_test.rb @@ -253,6 +253,11 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest p.report_uri "/violations" end + content_security_policy only: :script_src do |p| + p.default_src false + p.script_src :self + end + content_security_policy_report_only only: :report_only def index @@ -271,6 +276,10 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest head :ok end + def script_src + head :ok + end + private def condition? params[:condition] == "true" @@ -284,6 +293,7 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest get "/inline", to: "policy#inline" get "/conditional", to: "policy#conditional" get "/report-only", to: "policy#report_only" + get "/script-src", to: "policy#script_src" end end @@ -298,6 +308,7 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest def call(env) env["action_dispatch.content_security_policy"] = POLICY + env["action_dispatch.content_security_policy_nonce_generator"] = proc { "iyhD0Yc0W+c=" } env["action_dispatch.content_security_policy_report_only"] = false env["action_dispatch.show_exceptions"] = false @@ -337,6 +348,11 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest assert_policy "default-src 'self'; report-uri /violations", report_only: true end + def test_adds_nonce_to_script_src_content_security_policy + get "/script-src" + assert_policy "script-src 'self' 'nonce-iyhD0Yc0W+c='" + end + private def env_config |