# Pleroma: A lightweight social networking server
-# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
alias Pleroma.Config
alias Plug.Conn
+ setup do: clear_config([:http_securiy, :enabled])
+ setup do: clear_config([:http_security, :sts])
+ setup do: clear_config([:http_security, :referrer_policy])
+
describe "http security enabled" do
setup do
- enabled = Config.get([:http_securiy, :enabled])
-
Config.put([:http_security, :enabled], true)
-
- on_exit(fn ->
- Config.put([:http_security, :enabled], enabled)
- end)
-
- :ok
end
test "it sends CSP headers when enabled", %{conn: conn} do
[csp] = Conn.get_resp_header(conn, "content-security-policy")
- assert csp =~ ~r|report-uri https://endpoint.com; report-to csp-endpoint;|
+ assert csp =~ ~r|report-uri https://endpoint.com;report-to csp-endpoint;|
[reply_to] = Conn.get_resp_header(conn, "reply-to")
end
test "it does not send CSP headers when disabled", %{conn: conn} do
- enabled = Config.get([:http_securiy, :enabled])
-
Config.put([:http_security, :enabled], false)
- on_exit(fn ->
- Config.put([:http_security, :enabled], enabled)
- end)
-
conn = get(conn, "/api/v1/instance")
assert Conn.get_resp_header(conn, "x-xss-protection") == []
projects / akkoma / blobdiff