authorThomas Citharel <tcit@tcit.fr>2017-06-19 13:55:46 +0200
committerThomas Citharel <tcit@tcit.fr>2017-09-15 15:23:10 +0200
commitecf347bd1aaaeb2cd11b8ffbc60da099c68f1d83 (patch)
treec18d1ad5792a45f415a38604ef1c3adb3456f901 /tests/lib
parent8500e114575d7e02ffda8070980cc77ba147e60f (diff)
Add CSP frame-ancestors support
Didn't set the @since annotation yet. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Diffstat (limited to 'tests/lib')
-rw-r--r--tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php41
1 files changed, 41 insertions, 0 deletions
diff --git a/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php b/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php
index 503148d633a..90dcf99d008 100644
--- a/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php
+++ b/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php
@@ -426,4 +426,45 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
+
+
+
+ public function testGetAllowedFrameAncestorDomain() {
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-ancestors sub.nextcloud.com";
+
+ $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('sub.nextcloud.com');
+ $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
+ }
+
+ public function testGetPolicyFrameAncestorValidMultiple() {
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-ancestors sub.nextcloud.com foo.nextcloud.com";
+
+ $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('sub.nextcloud.com');
+ $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('foo.nextcloud.com');
+ $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
+ }
+
+ public function testGetPolicyDisallowFrameAncestorDomain() {
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
+
+ $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('www.nextcloud.com');
+ $this->contentSecurityPolicy->disallowFrameAncestorDomain('www.nextcloud.com');
+ $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
+ }
+
+ public function testGetPolicyDisallowFrameAncestorDomainMultiple() {
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-ancestors www.nextcloud.com";
+
+ $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('www.nextcloud.com');
+ $this->contentSecurityPolicy->disallowFrameAncestorDomain('www.nextcloud.org');
+ $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
+ }
+
+ public function testGetPolicyDisallowFrameAncestorDomainMultipleStakes() {
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
+
+ $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
+ $this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
+ $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
+ }
}
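Review bot: testGetPolicyDisallowFrameAncestorDomainMultipleStakes never touches the new frame-ancestors API — its body calls addAllowedChildSrcDomain and disallowChildSrcDomain, so it duplicates the existing child-src test directly above the hunk and leaves the add-then-disallow-after-an-unrelated-disallow path for frame-ancestors uncovered. The two call lines should become `$this->contentSecurityPolicy->addAllowedFrameAncestorDomain('www.nextcloud.com');` and `$this->contentSecurityPolicy->disallowFrameAncestorDomain('www.nextcloud.org')->disallowFrameAncestorDomain('www.nextcloud.com');`, which would also exercise the fluent return of disallowFrameAncestorDomain that none of the other new tests check. Separately, the expected strings in the two disallow tests show that an empty allow-list produces no frame-ancestors directive at all rather than `frame-ancestors 'none'`, so framing protection for such responses presumably still rests on whatever X-Frame-Options handling exists outside this patch; worth confirming that is the intended default. The three blank lines at the top of the hunk could be collapsed to one.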