author | Côme Chilliet <come.chilliet@nextcloud.com> | 2024-03-12 16:38:32 +0100 |
committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-03-13 12:49:52 +0100 |
commit | 9f819f311f6182f864486dae61284d94117222f8 (patch) | |
tree | 7d0b4392b60dd306ce01c097a9a106746e6baaed /core/js/tests | |
parent | d7193ef65e14e3d240e9942e0630f96c7125f8f3 (diff) | |
download | nextcloud-server-9f819f311f6182f864486dae61284d94117222f8.tar.gz nextcloud-server-9f819f311f6182f864486dae61284d94117222f8.zip |
feat: Migrate HSTS check to Security headers SetupCheck
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'core/js/tests')
-rw-r--r-- | core/js/tests/specs/setupchecksSpec.js | 194 |
1 files changed, 0 insertions, 194 deletions
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index b027bfd21bd..99f72754ace 100644
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -320,198 +320,4 @@ describe('OC.SetupChecks tests', function() {
 });
 });
 });
-
- describe('checkGeneric', function() {
- it('should return an error if the response has no statuscode 200', function(done) {
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(
- 500,
- {
- 'Content-Type': 'application/json'
- }
- );
-
- async.done(function( data, s, x ){
- expect(data).toEqual([{
- msg: 'Error occurred while checking server setup',
- type: OC.SetupChecks.MESSAGE_TYPE_ERROR
- }]);
- done();
- });
- });
- });
-
- it('should return an error if the response has no statuscode 200', function(done) {
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(
- 500,
- {
- 'Content-Type': 'application/json'
- },
- JSON.stringify({data: {serverHasInternetConnectionProblems: true}})
- );
- async.done(function( data, s, x ){
- expect(data).toEqual([{
- msg: 'Error occurred while checking server setup',
- type: OC.SetupChecks.MESSAGE_TYPE_ERROR
- }]);
- done();
- });
- });
-
- it('should return a SSL warning if SSL used without Strict-Transport-Security-Header', function(done) {
- protocolStub.returns('https');
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(200,
- {
- 'X-XSS-Protection': '1; mode=block',
- 'X-Content-Type-Options': 'nosniff',
- 'X-Robots-Tag': 'noindex, nofollow',
- 'X-Frame-Options': 'SAMEORIGIN',
- 'X-Permitted-Cross-Domain-Policies': 'none',
- 'Referrer-Policy': 'no-referrer',
- }
- );
-
- async.done(function( data, s, x ){
- expect(data).toEqual([{
- msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a target="_blank" rel="noreferrer noopener" class="external" href="https://docs.example.org/admin-security">security tips ↗</a>.',
- type: OC.SetupChecks.MESSAGE_TYPE_WARNING
- }]);
- done();
- });
- });
-
- it('should return a SSL warning if SSL used with to small Strict-Transport-Security-Header', function(done) {
- protocolStub.returns('https');
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(200,
- {
- 'Strict-Transport-Security': 'max-age=15551999',
- 'X-XSS-Protection': '1; mode=block',
- 'X-Content-Type-Options': 'nosniff',
- 'X-Robots-Tag': 'noindex, nofollow',
- 'X-Frame-Options': 'SAMEORIGIN',
- 'X-Permitted-Cross-Domain-Policies': 'none',
- 'Referrer-Policy': 'no-referrer',
- }
- );
-
- async.done(function( data, s, x ){
- expect(data).toEqual([{
- msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a target="_blank" rel="noreferrer noopener" class="external" href="https://docs.example.org/admin-security">security tips ↗</a>.',
- type: OC.SetupChecks.MESSAGE_TYPE_WARNING
- }]);
- done();
- });
- });
-
- it('should return a SSL warning if SSL used with to a bogus Strict-Transport-Security-Header', function(done) {
- protocolStub.returns('https');
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(200,
- {
- 'Strict-Transport-Security': 'iAmABogusHeader342',
- 'X-XSS-Protection': '1; mode=block',
- 'X-Content-Type-Options': 'nosniff',
- 'X-Robots-Tag': 'noindex, nofollow',
- 'X-Frame-Options': 'SAMEORIGIN',
- 'X-Permitted-Cross-Domain-Policies': 'none',
- 'Referrer-Policy': 'no-referrer',
- }
- );
-
- async.done(function( data, s, x ){
- expect(data).toEqual([{
- msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a target="_blank" rel="noreferrer noopener" class="external" href="https://docs.example.org/admin-security">security tips ↗</a>.',
- type: OC.SetupChecks.MESSAGE_TYPE_WARNING
- }]);
- done();
- });
- });
-
- it('should return no SSL warning if SSL used with to exact the minimum Strict-Transport-Security-Header', function(done) {
- protocolStub.returns('https');
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(200, {
- 'Strict-Transport-Security': 'max-age=15768000',
- 'X-XSS-Protection': '1; mode=block',
- 'X-Content-Type-Options': 'nosniff',
- 'X-Robots-Tag': 'noindex, nofollow',
- 'X-Frame-Options': 'SAMEORIGIN',
- 'X-Permitted-Cross-Domain-Policies': 'none',
- 'Referrer-Policy': 'no-referrer',
- });
-
- async.done(function( data, s, x ){
- expect(data).toEqual([]);
- done();
- });
- });
-
- it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header', function(done) {
- protocolStub.returns('https');
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(200, {
- 'Strict-Transport-Security': 'max-age=99999999',
- 'X-XSS-Protection': '1; mode=block',
- 'X-Content-Type-Options': 'nosniff',
- 'X-Robots-Tag': 'noindex, nofollow',
- 'X-Frame-Options': 'SAMEORIGIN',
- 'X-Permitted-Cross-Domain-Policies': 'none',
- 'Referrer-Policy': 'no-referrer',
- });
-
- async.done(function( data, s, x ){
- expect(data).toEqual([]);
- done();
- });
- });
-
- it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header and includeSubDomains parameter', function(done) {
- protocolStub.returns('https');
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(200, {
- 'Strict-Transport-Security': 'max-age=99999999; includeSubDomains',
- 'X-XSS-Protection': '1; mode=block',
- 'X-Content-Type-Options': 'nosniff',
- 'X-Robots-Tag': 'noindex, nofollow',
- 'X-Frame-Options': 'SAMEORIGIN',
- 'X-Permitted-Cross-Domain-Policies': 'none',
- 'Referrer-Policy': 'no-referrer',
- });
-
- async.done(function( data, s, x ){
- expect(data).toEqual([]);
- done();
- });
- });
-
- it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header and includeSubDomains and preload parameter', function(done) {
- protocolStub.returns('https');
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(200, {
- 'Strict-Transport-Security': 'max-age=99999999; preload; includeSubDomains',
- 'X-XSS-Protection': '1; mode=block',
- 'X-Content-Type-Options': 'nosniff',
- 'X-Robots-Tag': 'noindex, nofollow',
- 'X-Frame-Options': 'SAMEORIGIN',
- 'X-Permitted-Cross-Domain-Policies': 'none',
- 'Referrer-Policy': 'no-referrer',
- });
-
- async.done(function( data, s, x ){
- expect(data).toEqual([]);
- done();
- });
- });
 });