X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fplugs%2Fhttp_security_plug_test.exs;h=0cbb7e4b11fcfd6f57bb752ad583c840ad7c91a0;hb=627e5a0a4992cc19fc65a7e93a09c470c8e2bf33;hp=5268a1972f7caf7bca7b229c9ead3a54a031f301;hpb=fe67665e19cc98faff4a8ee53a3f4ca4190ca2ef;p=akkoma

diff --git a/test/plugs/http_security_plug_test.exs b/test/plugs/http_security_plug_test.exs
index 5268a1972..0cbb7e4b1 100644
--- a/test/plugs/http_security_plug_test.exs
+++ b/test/plugs/http_security_plug_test.exs
@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
   use Pleroma.Web.ConnCase
   alias Pleroma.Config
@@ -58,4 +62,22 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
     assert Conn.get_resp_header(conn, "strict-transport-security") == []
     assert Conn.get_resp_header(conn, "expect-ct") == []
   end
+
+  test "referrer-policy header reflects configured value", %{conn: conn} do
+    Config.put([:http_security, :enabled], true)
+
+    conn =
+      conn
+      |> get("/api/v1/instance")
+
+    assert Conn.get_resp_header(conn, "referrer-policy") == ["same-origin"]
+
+    Config.put([:http_security, :referrer_policy], "no-referrer")
+
+    conn =
+      build_conn()
+      |> get("/api/v1/instance")
+
+    assert Conn.get_resp_header(conn, "referrer-policy") == ["no-referrer"]
+  end
 end