summaryrefslogtreecommitdiff
path: root/service/test
diff options
context:
space:
mode:
authorFelix Hammerl <fhammerl@thoughtworks.com>2016-02-26 18:27:13 +0100
committerFelix Hammerl <fhammerl@thoughtworks.com>2016-03-09 15:35:28 +0100
commitca3a3817c7c5de0b89e5105adb88a0f7419df8e1 (patch)
treef35d394074500f5464c47df6bb731aa4f895249a /service/test
parent281f88ba668e38883e822ea5bd96134ad3a3aa6c (diff)
Issue #617: Serve content from Sandbox resource
Diffstat (limited to 'service/test')
-rw-r--r--service/test/unit/resources/test_sandbox_resource.py38
1 files changed, 38 insertions, 0 deletions
diff --git a/service/test/unit/resources/test_sandbox_resource.py b/service/test/unit/resources/test_sandbox_resource.py
new file mode 100644
index 00000000..3db43e12
--- /dev/null
+++ b/service/test/unit/resources/test_sandbox_resource.py
@@ -0,0 +1,38 @@
+import os
+import unittest
+
+from twisted.internet import defer
+from twisted.web.test.requesthelper import DummyRequest
+
+from pixelated.resources.sandbox_resource import SandboxResource
+from test.unit.resources import DummySite
+
+
+class TestSandBoxResource(unittest.TestCase):
+ def setUp(self):
+ static_folder = os.path.dirname(os.path.abspath(__file__))
+ self.resource = SandboxResource(static_folder)
+ self.resource.isLeaf = True
+ self.web = DummySite(self.resource)
+
+ @defer.inlineCallbacks
+ def test_render_GET_should_set_sandbox_csp_header(self):
+ request = DummyRequest(['/sandbox'])
+ request.method = 'GET'
+ request.isSecure = lambda: True
+ request.redirect = lambda _: 'irrelevant'
+
+ expected_csp_headers = "sandbox allow-popups allow-scripts;" \
+ "default-src 'self';" \
+ "style-src *;" \
+ "script-src *;" \
+ "font-src *;" \
+ "img-src *;" \
+ "object-src 'none';" \
+ "connect-src 'none';"
+
+ yield self.web.get(request)
+
+ self.assertEquals(expected_csp_headers, request.outgoingHeaders.get('X-Content-Security-Policy'.lower()))
+ self.assertEquals(expected_csp_headers, request.outgoingHeaders.get('Content-Security-Policy'.lower()))
+ self.assertEquals(expected_csp_headers, request.outgoingHeaders.get('X-Webkit-CSP'.lower()))