authorFolker Bernitt <folker-bernitt-github@gmx.de>2016-02-22 11:16:18 +0100
committerFolker Bernitt <folker-bernitt-github@gmx.de>2016-02-22 11:16:18 +0100
commit6239fa6a410bbb96d2121eea4f3559edca4fea66 (patch)
tree9aa49cd6b38c3531d3ca332487a96fd6cf422be7 /service/test/unit
parent26d1331c7fbd1ae282eefb24950e489eb44d1c0f (diff)
parentb97115679929dfe4f69618f756850617f265048f (diff)
Merge pull request #621 from phss/add-security-headers
Add recommended security headers
Diffstat (limited to 'service/test/unit')
-rw-r--r--service/test/unit/config/test_site.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/service/test/unit/config/test_site.py b/service/test/unit/config/test_site.py
index 83464e89..7c381449 100644
--- a/service/test/unit/config/test_site.py
+++ b/service/test/unit/config/test_site.py
@@ -5,15 +5,18 @@ from twisted.protocols.basic import LineReceiver
class TestPixelatedSite(unittest.TestCase):
- def test_add_csp_header_request(self):
+ def test_add_security_headers(self):
request = self.create_request()
request.process()
headers = request.headers
header_value = "default-src 'self'; style-src 'self' 'unsafe-inline'"
- self.assertEqual(headers.get("Content-Security-Policy"), header_value)
- self.assertEqual(headers.get("X-Content-Security-Policy"), header_value)
- self.assertEqual(headers.get("X-Webkit-CSP"), header_value)
+ self.assertEqual(headers.get('Content-Security-Policy'), header_value)
+ self.assertEqual(headers.get('X-Content-Security-Policy'), header_value)
+ self.assertEqual(headers.get('X-Webkit-CSP'), header_value)
+ self.assertEqual(headers.get('X-Frame-Options'), 'SAMEORIGIN')
+ self.assertEqual(headers.get('X-XSS-Protection'), '1; mode=block')
+ self.assertEqual(headers.get('X-Content-Type-Options'), 'nosniff')
def test_add_strict_transport_security_header_if_secure(self):
request = self.create_request()
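Review bot: The CSP string pinned in `header_value` has no `frame-ancestors` directive, and that directive does not fall back to `default-src`, so the new `X-Frame-Options` assertion is the only framing control this test covers. A one-line comment above that assertion would keep it from being removed later as redundant with CSP, for example `# CSP has no frame-ancestors; X-Frame-Options is the only clickjacking control checked here`. Separately, `test_add_security_headers` now runs six sequential `assertEqual` calls, so the first missing header hides the state of the others. Passing the header name as the `msg` argument, or using one test per header, would make a regression easier to read.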