summaryrefslogtreecommitdiffstats
path: root/tests/lib/AppFramework/Http/ResponseTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/lib/AppFramework/Http/ResponseTest.php')
-rw-r--r--tests/lib/AppFramework/Http/ResponseTest.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php
index 3ed946dc6ca..0331bb42c01 100644
--- a/tests/lib/AppFramework/Http/ResponseTest.php
+++ b/tests/lib/AppFramework/Http/ResponseTest.php
@@ -58,14 +58,14 @@ class ResponseTest extends \Test\TestCase {
$this->childResponse->setHeaders($expected);
$headers = $this->childResponse->getHeaders();
- $expected['Content-Security-Policy'] = "default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
+ $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
$this->assertEquals($expected, $headers);
}
public function testOverwriteCsp() {
$expected = [
- 'Content-Security-Policy' => "default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self';connect-src 'self';media-src 'self'",
+ 'Content-Security-Policy' => "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self';connect-src 'self';media-src 'self'",
];
$policy = new Http\ContentSecurityPolicy();
$policy->allowInlineScript(true);
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-06 10:01:21 +0000