discourse/spec/system/content_security_policy_spe...

34 lines
1.0 KiB
Ruby

# frozen_string_literal: true
describe "Content security policy", type: :system do
it "can boot the application in strict_dynamic mode" do
expect(SiteSetting.content_security_policy).to eq(true)
SiteSetting.content_security_policy_strict_dynamic = true
visit "/"
expect(page).to have_css("#site-logo")
end
it "works for 'public exceptions' like RoutingError" do
expect(SiteSetting.content_security_policy).to eq(true)
SiteSetting.content_security_policy_strict_dynamic = true
SiteSetting.bootstrap_error_pages = true
get "/nonexistent"
expect(response.headers["Content-Security-Policy"]).to include("'strict-dynamic'")
visit "/nonexistent"
expect(page).not_to have_css("body.no-ember")
expect(page).to have_css("#site-logo")
end
it "can boot logster in strict_dynamic mode" do
expect(SiteSetting.content_security_policy).to eq(true)
sign_in Fabricate(:admin)
SiteSetting.content_security_policy_strict_dynamic = true
visit "/logs"
expect(page).to have_css("#log-table")
end
end