sendnrw/pocket-id
2
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2026-05-17 02:19:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
881d3df24eb0cb7650496a32f82cf578a6d236fe
pocket-id/backend/internal/middleware/csp_middleware_test.go
Elias Schneider 881d3df24e remove SetAllowedFormAction and explicitly set csp header
2026-04-19 15:30:23 +02:00

25 lines
615 B
Go
Raw Blame History

package middleware
import (
"strings"
"testing"
"github.com/stretchr/testify/assert"
)
func TestBuildCSP(t *testing.T) {
t.Run("uses self form action by default", func(t *testing.T) {
csp := BuildCSP("test-nonce")
assert.Contains(t, csp, "form-action 'self';")
assert.Contains(t, csp, "script-src 'self' 'nonce-test-nonce'")
})
t.Run("adds validated form action targets", func(t *testing.T) {
csp := BuildCSP("test-nonce", "https://example.com/callback")
assert.Contains(t, csp, "form-action 'self' https://example.com/callback;")
assert.Equal(t, 1, strings.Count(csp, "form-action"))
})
}
Reference in New Issue View Git Blame Copy Permalink