696e4a10d6
* Fix EmojiFormatter failure * Add notification_emails.warning setting default value * Fix list spec failure and add antennas for spec response * Fix domain block spec failure to add kb custom response * Fix SearchQueryTransformer spec failure * Fix Account#matches_display_name spec failure * Fix UpdateStatusService changes mentions spec failure * Fix RuboCop Lint * Ignore brakeman warning * Fix CI failure for ignore brakeman warning * Fix migration failure * Fix README * Fix migration CI failure * Fix some spec failure * Format code for RuboCop lint failure * Fix ESlint failure * Fix haml-lint failure
27 lines
1.3 KiB
Ruby
27 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
describe 'Content-Security-Policy' do
|
|
it 'sets the expected CSP headers' do
|
|
allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==')
|
|
|
|
get '/'
|
|
expect(response.headers['Content-Security-Policy'].split(';').map(&:strip)).to contain_exactly(
|
|
"base-uri 'none'",
|
|
"default-src 'none'",
|
|
"frame-ancestors 'none'",
|
|
"font-src 'self' https://cb6e6126.ngrok.io",
|
|
"img-src 'self' https: data: blob: https://cb6e6126.ngrok.io",
|
|
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
|
|
"media-src 'self' https: data: https://cb6e6126.ngrok.io",
|
|
"frame-src 'self' https:",
|
|
"manifest-src 'self' https://cb6e6126.ngrok.io",
|
|
"form-action 'self'",
|
|
"child-src 'self' blob: https://cb6e6126.ngrok.io",
|
|
"worker-src 'self' blob: https://cb6e6126.ngrok.io",
|
|
"connect-src 'self' data: blob: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io ws://localhost:4000",
|
|
"script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.co.jp https://www.google.com 'sha256-CS1WvLDd3zJOdxpEk+N+VigcWMa6V345p2HS0WYiFWE='"
|
|
)
|
|
end
|
|
end
|