diff options
| author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2023-08-11 14:04:49 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-11 14:04:49 +0200 |
| commit | 9fb08f506fd42fa7b7a143e40e081782fec359d7 (patch) | |
| tree | 504a75e3f95c4bddbc6794f4ed7787caacffce2a /tests | |
| parent | 833489d754d125f06b67df40674b8f5b3da2ee69 (diff) | |
| parent | 41f2d912d26b7155d61c921d4e53ee7d846522ed (diff) | |
| download | nextcloud-server-9fb08f506fd42fa7b7a143e40e081782fec359d7.tar.gz nextcloud-server-9fb08f506fd42fa7b7a143e40e081782fec359d7.zip | |
Merge pull request #38082 from nextcloud/allow-wasm-unsafe-eval-in-csp
Allow "wasm-unsafe-eval" in CSP
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php | 7 | ||||
| -rw-r--r-- | tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php b/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php index 53632da93d1..8e6ac32b416 100644 --- a/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php +++ b/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php @@ -456,6 +456,13 @@ class ContentSecurityPolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } + public function testGetPolicyUnsafeWasmEval() { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'wasm-unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + + $this->contentSecurityPolicy->allowEvalWasm(true); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + public function testGetPolicyNonce() { $nonce = 'my-nonce'; $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-".base64_encode($nonce) . "';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; diff --git a/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php b/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php index dc10d095ab5..328e464f981 100644 --- a/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php +++ b/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php @@ -75,6 +75,13 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } + public function testGetPolicyScriptAllowWasmEval() { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'wasm-unsafe-eval';frame-ancestors 'none'"; + + $this->contentSecurityPolicy->allowEvalWasm(true); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + public function testGetPolicyStyleDomainValid() { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com;frame-ancestors 'none'"; |