author | Justin Velluppillai <justin@innocraft.com> | 2021-09-03 03:32:24 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-03 03:32:24 +0300 |
commit | bb6999df6088aa199045986b973aeedcdc22f58b (patch) | |
tree | c8422fc5064d4a7961edfa07efff1eb39457c426 /tests | |
parent | c2791af204f24b1b61ae293af571c1279d0ac3ca (diff) |
Provide SecurityPolicy method to allow embedded iframes to fetch their resources (#17955)
Diffstat (limited to 'tests')
-rw-r--r-- | tests/PHPUnit/Unit/SecurityPolicyTest.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/tests/PHPUnit/Unit/SecurityPolicyTest.php b/tests/PHPUnit/Unit/SecurityPolicyTest.php
index a29db39eab..b1e535ca0e 100644
--- a/tests/PHPUnit/Unit/SecurityPolicyTest.php
+++ b/tests/PHPUnit/Unit/SecurityPolicyTest.php
@@ -18,7 +18,7 @@ use Piwik\Config;
 class SecurityPolicyTest extends \PHPUnit\Framework\TestCase
 {
 private $securityPolicy;
- private $defaultPolicy = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; ";
+ private $defaultPolicy = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; ";
 private $generalConfig;
@@ -63,14 +63,14 @@ class SecurityPolicyTest extends \PHPUnit\Framework\TestCase
 public function testCanAppendPolicy()
 {
 $this->securityPolicy->addPolicy('default-src', "'new-policy'");
- $expected = "Content-Security-Policy-Report-Only: default-src 'self' 'unsafe-inline' 'unsafe-eval' 'new-policy'; ";
+ $expected = "Content-Security-Policy-Report-Only: default-src 'self' 'unsafe-inline' 'unsafe-eval' 'new-policy'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; ";
 $this->assertEquals($expected, $this->securityPolicy->createHeaderString());
 }
 public function testCanOverridePolicy()
 {
 $this->securityPolicy->overridePolicy('default-src', "'self'");
- $expected = "Content-Security-Policy-Report-Only: default-src 'self'; ";
+ $expected = "Content-Security-Policy-Report-Only: default-src 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; ";
 $this->assertEquals($expected, $this->securityPolicy->createHeaderString());
 }
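Review bot: The new default in `$defaultPolicy` gives `img-src` the tokens `'unsafe-inline'` and `'unsafe-eval'`, which govern inline script/style and eval and have no effect on image loads; only `'self'` and `data:` do any work there. This fixture only mirrors what the policy class emits (not visible in this tests-only diff), so the cleanup belongs in that class, with the expectation here becoming `img-src 'self' data:; `. If the tokens are kept on purpose, a comment above the property such as `// img-src repeats the default-src keywords; only 'self' and data: apply to images` would stop a later audit from reading them as a loosening. The class body continues outside the hunk.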
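Review bot: In `testCanOverridePolicy` the expectation now shows that `overridePolicy('default-src', "'self'")` leaves `img-src ... data:` untouched, because an explicit `img-src` replaces the `default-src` fallback for images. A caller tightening `default-src` may expect that to cover images as well, so the behaviour deserves a comment in the test, e.g. `// img-src is set explicitly, so overriding default-src does not narrow it`. The same holds for `testCanAppendPolicy` above it, where the appended source reaches `default-src` only.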
@@ -78,7 +78,7 @@ class SecurityPolicyTest extends \PHPUnit\Framework\TestCase
 $this->securityPolicy->removeDirective('default-src');
 $this->securityPolicy->addPolicy('script-src', "'self'");
- $expected = "Content-Security-Policy-Report-Only: script-src 'self'; ";
+ $expected = "Content-Security-Policy-Report-Only: img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; script-src 'self'; ";
 $this->assertEquals($expected, $this->securityPolicy->createHeaderString());
 }
 } |
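Review bot: The class closes right after this test, and the tests diffstat is four changed lines, so the method the commit title announces (letting embedded iframes fetch their resources) has no unit test in this file. Since that method presumably relaxes the policy, a test asserting the exact header string it produces would pin how far the relaxation goes and catch later widening. The expectation here also fixes directive order (`img-src` before `script-src`); a short comment such as `// directives are emitted in insertion order` would explain why. The test method's signature is outside the hunk.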