projects
/
akkoma
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
InstanceView: Expose background image link.
[akkoma]
/
test
/
plugs
/
http_security_plug_test.exs
diff --git
a/test/plugs/http_security_plug_test.exs
b/test/plugs/http_security_plug_test.exs
index 7dfd50c1febd9a6a6f5ace616c853725bb16cf39..84e4c274fb5b54a2a0ba9c0a470ebc3cf99fa4db 100644
(file)
--- a/
test/plugs/http_security_plug_test.exs
+++ b/
test/plugs/http_security_plug_test.exs
@@
-1,5
+1,5
@@
# Pleroma: A lightweight social networking server
# Pleroma: A lightweight social networking server
-# Copyright © 2017-20
18
Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-20
20
Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
@@
-7,17
+7,13
@@
defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
alias Pleroma.Config
alias Plug.Conn
alias Pleroma.Config
alias Plug.Conn
+ setup do: clear_config([:http_securiy, :enabled])
+ setup do: clear_config([:http_security, :sts])
+ setup do: clear_config([:http_security, :referrer_policy])
+
describe "http security enabled" do
setup do
describe "http security enabled" do
setup do
- enabled = Config.get([:http_securiy, :enabled])
-
Config.put([:http_security, :enabled], true)
Config.put([:http_security, :enabled], true)
-
- on_exit(fn ->
- Config.put([:http_security, :enabled], enabled)
- end)
-
- :ok
end
test "it sends CSP headers when enabled", %{conn: conn} do
end
test "it sends CSP headers when enabled", %{conn: conn} do
@@
-81,14
+77,8
@@
defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
end
test "it does not send CSP headers when disabled", %{conn: conn} do
end
test "it does not send CSP headers when disabled", %{conn: conn} do
- enabled = Config.get([:http_securiy, :enabled])
-
Config.put([:http_security, :enabled], false)
Config.put([:http_security, :enabled], false)
- on_exit(fn ->
- Config.put([:http_security, :enabled], enabled)
- end)
-
conn = get(conn, "/api/v1/instance")
assert Conn.get_resp_header(conn, "x-xss-protection") == []
conn = get(conn, "/api/v1/instance")
assert Conn.get_resp_header(conn, "x-xss-protection") == []