aboutsummaryrefslogtreecommitdiffstats
path: root/t/app/01app.t
diff options
context:
space:
mode:
Diffstat (limited to 't/app/01app.t')
-rw-r--r--t/app/01app.t42
1 files changed, 34 insertions, 8 deletions
diff --git a/t/app/01app.t b/t/app/01app.t
index df562b829..50617d491 100644
--- a/t/app/01app.t
+++ b/t/app/01app.t
@@ -2,30 +2,56 @@
use strict;
use warnings;
+use utf8;
package FixMyStreet::Cobrand::Tester;
-use parent 'FixMyStreet::Cobrand::FiksGataMi';
+use parent 'FixMyStreet::Cobrand::FixaMinGata';
sub front_stats_data { { new => 0, fixed => 0, updates => 12345 } }
package main;
+use Encode;
use Test::More;
use Catalyst::Test 'FixMyStreet::App';
use charnames ':full';
-use Encode qw(encode);
ok( request('/')->is_success, 'Request should succeed' );
-SKIP: {
FixMyStreet::override_config {
ALLOWED_COBRANDS => [ 'tester' ],
}, sub {
- skip 'Test will not pass on Mac OS', 1 if $^O eq 'darwin';
-
- my $page = get('/');
- my $num = encode('UTF-8', "12\N{NO-BREAK SPACE}345");
+ my $page = decode_utf8(get('/'));
+ my $num = "12( | )345";
like $page, qr/$num/;
};
-}
+
+subtest 'CSP header' => sub {
+ my $res = request('/');
+ is $res->header('Content-Security-Policy'), undef, 'None by default';
+
+ FixMyStreet::override_config {
+ CONTENT_SECURITY_POLICY => 1,
+ }, sub {
+ my $res = request('/');
+ like $res->header('Content-Security-Policy'), qr/script-src 'self' 'unsafe-inline' 'nonce-[^']*' ; object-src 'none'; base-uri 'none'/,
+ 'Default CSP header if requested';
+ };
+
+ FixMyStreet::override_config {
+ CONTENT_SECURITY_POLICY => 'www.example.org',
+ }, sub {
+ my $res = request('/');
+ like $res->header('Content-Security-Policy'), qr/script-src 'self' 'unsafe-inline' 'nonce-[^']*' www.example.org; object-src 'none'; base-uri 'none'/,
+ 'With 3P domains if given';
+ };
+
+ FixMyStreet::override_config {
+ CONTENT_SECURITY_POLICY => [ 'www.example.org' ],
+ }, sub {
+ my $res = request('/');
+ like $res->header('Content-Security-Policy'), qr/script-src 'self' 'unsafe-inline' 'nonce-[^']*' www.example.org; object-src 'none'; base-uri 'none'/,
+ 'With 3P domains if given';
+ };
+};
done_testing();
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-02 06:05:33 +0000