summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2019-04-03 18:42:34 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2019-04-16 14:09:39 +0200
commit7276735eb423ed126333923bb921d9d4bef16f07 (patch)
tree4131f2b8665f2e5066eb84d9ef39691709accc42 /tests
parent4e88cd3aae0b1c8e662197dd10e2e65ffe8cf489 (diff)
downloadnextcloud-server-7276735eb423ed126333923bb921d9d4bef16f07.tar.gz
nextcloud-server-7276735eb423ed126333923bb921d9d4bef16f07.zip
Set empty CSP by default
For #14179 By default responses should have the strictest (and simplest) CSP possible. Only template responses should require an actual CSP. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/AppFramework/Controller/ControllerTest.php2
-rw-r--r--tests/lib/AppFramework/Http/DataResponseTest.php2
-rw-r--r--tests/lib/AppFramework/Http/ResponseTest.php4
3 files changed, 4 insertions, 4 deletions
diff --git a/tests/lib/AppFramework/Controller/ControllerTest.php b/tests/lib/AppFramework/Controller/ControllerTest.php
index 3d1d7e66e84..c37a2a3456c 100644
--- a/tests/lib/AppFramework/Controller/ControllerTest.php
+++ b/tests/lib/AppFramework/Controller/ControllerTest.php
@@ -116,7 +116,7 @@ class ControllerTest extends \Test\TestCase {
'test' => 'something',
'Cache-Control' => 'no-cache, no-store, must-revalidate',
'Content-Type' => 'application/json; charset=utf-8',
- 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self'",
+ 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self'",
];
$response = $this->controller->customDataResponse(array('hi'));
diff --git a/tests/lib/AppFramework/Http/DataResponseTest.php b/tests/lib/AppFramework/Http/DataResponseTest.php
index 67ffdde8669..e0eca83f6e9 100644
--- a/tests/lib/AppFramework/Http/DataResponseTest.php
+++ b/tests/lib/AppFramework/Http/DataResponseTest.php
@@ -68,7 +68,7 @@ class DataResponseTest extends \Test\TestCase {
$expectedHeaders = [
'Cache-Control' => 'no-cache, no-store, must-revalidate',
- 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self'",
+ 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self'",
];
$expectedHeaders = array_merge($expectedHeaders, $headers);
diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php
index 18a9a398f72..e840111db19 100644
--- a/tests/lib/AppFramework/Http/ResponseTest.php
+++ b/tests/lib/AppFramework/Http/ResponseTest.php
@@ -59,7 +59,7 @@ class ResponseTest extends \Test\TestCase {
$this->childResponse->setHeaders($expected);
$headers = $this->childResponse->getHeaders();
- $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self'";
+ $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->assertEquals($expected, $headers);
}
@@ -86,7 +86,7 @@ class ResponseTest extends \Test\TestCase {
}
public function testGetCspEmpty() {
- $this->assertNull($this->childResponse->getContentSecurityPolicy());
+ $this->assertEquals(new Http\EmptyContentSecurityPolicy(), $this->childResponse->getContentSecurityPolicy());
}
public function testAddHeaderValueNullDeletesIt(){