diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-04-03 18:42:34 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-04-16 14:09:39 +0200 |
| commit | 7276735eb423ed126333923bb921d9d4bef16f07 (patch) | |
| tree | 4131f2b8665f2e5066eb84d9ef39691709accc42 /tests/lib/AppFramework/Http/ResponseTest.php | |
| parent | 4e88cd3aae0b1c8e662197dd10e2e65ffe8cf489 (diff) | |
| download | nextcloud-server-7276735eb423ed126333923bb921d9d4bef16f07.tar.gz nextcloud-server-7276735eb423ed126333923bb921d9d4bef16f07.zip | |
Set empty CSP by default
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'tests/lib/AppFramework/Http/ResponseTest.php')
| -rw-r--r-- | tests/lib/AppFramework/Http/ResponseTest.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php index 18a9a398f72..e840111db19 100644 --- a/tests/lib/AppFramework/Http/ResponseTest.php +++ b/tests/lib/AppFramework/Http/ResponseTest.php @@ -59,7 +59,7 @@ class ResponseTest extends \Test\TestCase { $this->childResponse->setHeaders($expected); $headers = $this->childResponse->getHeaders(); - $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self'"; + $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self'"; $this->assertEquals($expected, $headers); } @@ -86,7 +86,7 @@ class ResponseTest extends \Test\TestCase { } public function testGetCspEmpty() { - $this->assertNull($this->childResponse->getContentSecurityPolicy()); + $this->assertEquals(new Http\EmptyContentSecurityPolicy(), $this->childResponse->getContentSecurityPolicy()); } public function testAddHeaderValueNullDeletesIt(){ |