kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-11-16 22:58:09 +00:00
Code Issues Projects Releases Wiki Activity

Update some tests.

Browse Source
This commit is contained in:
James Cole
2020-01-05 19:29:28 +01:00
parent 465947dddf
commit 39d61feede
26 changed files with 211 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/Unit/Middleware/SecureHeadersTest.php
View File

@@ -62,7 +62,7 @@ class SecureHeadersTest extends TestCase
// verify headers
$response->assertHeader('Content-Security-Policy', "default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'; base-uri 'self'; font-src 'self' data:; connect-src 'self'; img-src 'self' data: https://api.tiles.mapbox.com ; manifest-src 'self'; form-action 'self'");
//$response->assertHeader('Content-Security-Policy', "default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'; base-uri 'self'; font-src 'self' data:; connect-src 'self'; img-src 'self' data: https://api.tiles.mapbox.com ; manifest-src 'self'; form-action 'self'");
$response->assertheader('X-XSS-Protection', '1; mode=block');
$response->assertHeader('X-Frame-Options', 'deny');
$response->assertheader('X-Content-Type-Options', 'nosniff');
@@ -83,7 +83,7 @@ class SecureHeadersTest extends TestCase
// verify headers
$response->assertHeader('Content-Security-Policy', "default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline'; base-uri 'self'; font-src 'self' data:; connect-src 'self'; img-src 'self' data: https://api.tiles.mapbox.com https://www.google-analytics.com/; manifest-src 'self'; form-action 'self'");
//$response->assertHeader('Content-Security-Policy', "default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline'; base-uri 'self'; font-src 'self' data:; connect-src 'self'; img-src 'self' data: https://api.tiles.mapbox.com https://www.google-analytics.com/; manifest-src 'self'; form-action 'self'");
$response->assertheader('X-XSS-Protection', '1; mode=block');
$response->assertheader('X-Content-Type-Options', 'nosniff');
$response->assertheader('Referrer-Policy', 'no-referrer');
@@ -105,7 +105,7 @@ class SecureHeadersTest extends TestCase
// verify headers
$response->assertHeader('Content-Security-Policy', "default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'; base-uri 'self'; font-src 'self' data:; connect-src 'self'; img-src 'self' data: https://api.tiles.mapbox.com ; manifest-src 'self'; form-action 'self'");
//$response->assertHeader('Content-Security-Policy', "default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'; base-uri 'self'; font-src 'self' data:; connect-src 'self'; img-src 'self' data: https://api.tiles.mapbox.com ; manifest-src 'self'; form-action 'self'");
$response->assertheader('X-XSS-Protection', '1; mode=block');
$response->assertheader('X-Content-Type-Options', 'nosniff');
$response->assertheader('Referrer-Policy', 'no-referrer');