From 0b2461a655684c6d706d30a081350e59601eab33 Mon Sep 17 00:00:00 2001
From: Paulo Schneider <paulo.schneider@gmail.com>
Date: Fri, 19 Feb 2016 21:13:47 +0000
Subject: Add recommended security headers from #618

---
 service/test/unit/config/test_site.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'service/test/unit/config')

diff --git a/service/test/unit/config/test_site.py b/service/test/unit/config/test_site.py
index 83464e89..7c381449 100644
--- a/service/test/unit/config/test_site.py
+++ b/service/test/unit/config/test_site.py
@@ -5,15 +5,18 @@ from twisted.protocols.basic import LineReceiver
 
 
 class TestPixelatedSite(unittest.TestCase):
-    def test_add_csp_header_request(self):
+    def test_add_security_headers(self):
         request = self.create_request()
         request.process()
         headers = request.headers
 
         header_value = "default-src 'self'; style-src 'self' 'unsafe-inline'"
-        self.assertEqual(headers.get("Content-Security-Policy"), header_value)
-        self.assertEqual(headers.get("X-Content-Security-Policy"), header_value)
-        self.assertEqual(headers.get("X-Webkit-CSP"), header_value)
+        self.assertEqual(headers.get('Content-Security-Policy'), header_value)
+        self.assertEqual(headers.get('X-Content-Security-Policy'), header_value)
+        self.assertEqual(headers.get('X-Webkit-CSP'), header_value)
+        self.assertEqual(headers.get('X-Frame-Options'), 'SAMEORIGIN')
+        self.assertEqual(headers.get('X-XSS-Protection'), '1; mode=block')
+        self.assertEqual(headers.get('X-Content-Type-Options'), 'nosniff')
 
     def test_add_strict_transport_security_header_if_secure(self):
         request = self.create_request()
-- 
cgit v1.2.3