summaryrefslogtreecommitdiffstats
path: root/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php')
-rw-r--r--tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php110
1 files changed, 55 insertions, 55 deletions
diff --git a/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php b/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php
index ee4ec6c368c..7c30df730d3 100644
--- a/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php
+++ b/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php
@@ -28,19 +28,19 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDefault() {
- $defaultPolicy = "default-src 'none';base-uri 'none'";
+ $defaultPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->assertSame($defaultPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyScriptDomainValid() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyScriptDomainValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src www.owncloud.com www.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com www.owncloud.org";
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.org');
@@ -48,7 +48,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowScriptDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.com');
@@ -56,7 +56,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowScriptDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org');
@@ -64,7 +64,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowScriptDomainMultipleStacked() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org')->disallowScriptDomain('www.owncloud.com');
@@ -72,14 +72,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyScriptAllowInline() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src 'unsafe-inline'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-inline'";
$this->contentSecurityPolicy->allowInlineScript(true);
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyScriptAllowInlineWithDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src www.owncloud.com 'unsafe-inline'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com 'unsafe-inline'";
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
$this->contentSecurityPolicy->allowInlineScript(true);
@@ -87,7 +87,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyScriptAllowInlineAndEval() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src 'unsafe-inline' 'unsafe-eval'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-inline' 'unsafe-eval'";
$this->contentSecurityPolicy->allowInlineScript(true);
$this->contentSecurityPolicy->allowEvalScript(true);
@@ -95,14 +95,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyStyleDomainValid() {
- $expectedPolicy = "default-src 'none';base-uri 'none';style-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyStyleDomainValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';style-src www.owncloud.com www.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com www.owncloud.org";
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.org');
@@ -110,7 +110,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowStyleDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.com');
@@ -118,7 +118,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowStyleDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';style-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org');
@@ -126,7 +126,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowStyleDomainMultipleStacked() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org')->disallowStyleDomain('www.owncloud.com');
@@ -134,14 +134,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyStyleAllowInline() {
- $expectedPolicy = "default-src 'none';base-uri 'none';style-src 'unsafe-inline'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src 'unsafe-inline'";
$this->contentSecurityPolicy->allowInlineStyle(true);
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyStyleAllowInlineWithDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none';style-src www.owncloud.com 'unsafe-inline'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com 'unsafe-inline'";
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
$this->contentSecurityPolicy->allowInlineStyle(true);
@@ -149,21 +149,21 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyStyleDisallowInline() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->allowInlineStyle(false);
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyImageDomainValid() {
- $expectedPolicy = "default-src 'none';base-uri 'none';img-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyImageDomainValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';img-src www.owncloud.com www.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com www.owncloud.org";
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.org');
@@ -171,7 +171,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowImageDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.com');
@@ -179,7 +179,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowImageDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';img-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org');
@@ -187,7 +187,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowImageDomainMultipleStakes() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org')->disallowImageDomain('www.owncloud.com');
@@ -195,14 +195,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyFontDomainValid() {
- $expectedPolicy = "default-src 'none';base-uri 'none';font-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyFontDomainValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';font-src www.owncloud.com www.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com www.owncloud.org";
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.org');
@@ -210,7 +210,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowFontDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.com');
@@ -218,7 +218,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowFontDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';font-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org');
@@ -226,7 +226,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowFontDomainMultipleStakes() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org')->disallowFontDomain('www.owncloud.com');
@@ -234,14 +234,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyConnectDomainValid() {
- $expectedPolicy = "default-src 'none';base-uri 'none';connect-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyConnectDomainValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';connect-src www.owncloud.com www.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com www.owncloud.org";
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.org');
@@ -249,7 +249,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowConnectDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.com');
@@ -257,7 +257,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowConnectDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';connect-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org');
@@ -265,7 +265,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowConnectDomainMultipleStakes() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org')->disallowConnectDomain('www.owncloud.com');
@@ -273,14 +273,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyMediaDomainValid() {
- $expectedPolicy = "default-src 'none';base-uri 'none';media-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyMediaDomainValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';media-src www.owncloud.com www.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com www.owncloud.org";
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.org');
@@ -288,7 +288,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowMediaDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.com');
@@ -296,7 +296,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowMediaDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';media-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org');
@@ -304,7 +304,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowMediaDomainMultipleStakes() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org')->disallowMediaDomain('www.owncloud.com');
@@ -312,14 +312,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyObjectDomainValid() {
- $expectedPolicy = "default-src 'none';base-uri 'none';object-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyObjectDomainValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';object-src www.owncloud.com www.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com www.owncloud.org";
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.org');
@@ -327,7 +327,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowObjectDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.com');
@@ -335,7 +335,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowObjectDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';object-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org');
@@ -343,7 +343,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowObjectDomainMultipleStakes() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org')->disallowObjectDomain('www.owncloud.com');
@@ -351,14 +351,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetAllowedFrameDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none';frame-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyFrameDomainValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';frame-src www.owncloud.com www.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com www.owncloud.org";
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.org');
@@ -366,7 +366,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowFrameDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.com');
@@ -374,7 +374,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowFrameDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';frame-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org');
@@ -382,7 +382,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowFrameDomainMultipleStakes() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org')->disallowFrameDomain('www.owncloud.com');
@@ -390,14 +390,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetAllowedChildSrcDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none';child-src child.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.owncloud.com";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyChildSrcValidMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';child-src child.owncloud.com child.owncloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.owncloud.com child.owncloud.org";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.org');
@@ -405,7 +405,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowChildSrcDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.com');
@@ -413,7 +413,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowChildSrcDomainMultiple() {
- $expectedPolicy = "default-src 'none';base-uri 'none';child-src www.owncloud.com";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src www.owncloud.com";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org');
@@ -421,7 +421,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyDisallowChildSrcDomainMultipleStakes() {
- $expectedPolicy = "default-src 'none';base-uri 'none'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
@@ -429,7 +429,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyWithJsNonceAndScriptDomains() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src 'nonce-TXlKc05vbmNl' www.nextcloud.com www.nextcloud.org";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-TXlKc05vbmNl' www.nextcloud.com www.nextcloud.org";
$this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com');
$this->contentSecurityPolicy->useJsNonce('MyJsNonce');
@@ -438,7 +438,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyWithJsNonceAndSelfScriptDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src 'nonce-TXlKc05vbmNl'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-TXlKc05vbmNl'";
$this->contentSecurityPolicy->useJsNonce('MyJsNonce');
$this->contentSecurityPolicy->addAllowedScriptDomain("'self'");
@@ -446,7 +446,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
}
public function testGetPolicyWithoutJsNonceAndSelfScriptDomain() {
- $expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self'";
+ $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self'";
$this->contentSecurityPolicy->addAllowedScriptDomain("'self'");
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-15 12:25:18 +0000