Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/integration/content_security_policy_spe...

20 lines
580 B
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
RSpec.describe "content security policy integration" do
it "adds the csp headers correctly" do
Fabricate(:admin) # to avoid 'new installation' screen
SiteSetting.content_security_policy = false
get "/"
expect(response.headers["Content-Security-Policy"]).to eq(nil)
SiteSetting.content_security_policy = true
get "/"
expect(response.headers["Content-Security-Policy"]).to be_present
expect(response.headers["Content-Security-Policy"]).to match(
/script-src 'nonce-[^']+' 'strict-dynamic';/,
)
end
end
Reference in New Issue View Git Blame Copy Permalink