diff options
| author | Julius Härtl <jus@bitgrid.net> | 2022-03-09 16:25:36 +0300 |
|---|---|---|
| committer | Julius Härtl <jus@bitgrid.net> | 2022-03-09 17:10:27 +0300 |
| commit | bd03dd37bec6e94bf1bb8f7329d370c5a68ecb6b (patch) | |
| tree | 54b371050de801f253fde867706529bc7bee6da9 /tests/lib/Security | |
| parent | 0825c3ea34675b12bf14dc00354e0ab1c77ecf11 (diff) | |
Allow to set a strict-dynamic CSP through the APIenh/strict-dynamic-csp
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'tests/lib/Security')
| -rw-r--r-- | tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php index b91482ab2c6..e5cf9ea9e1f 100644 --- a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php +++ b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php @@ -86,6 +86,7 @@ class ContentSecurityPolicyManagerTest extends TestCase { $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(); $policy->addAllowedFontDomain('mydomain.com'); $policy->addAllowedImageDomain('anotherdomain.de'); + $policy->useStrictDynamic(true); $e->addPolicy($policy); }); @@ -117,6 +118,7 @@ class ContentSecurityPolicyManagerTest extends TestCase { $expected->addAllowedImageDomain('example.org'); $expected->addAllowedChildSrcDomain('childdomain'); $expected->addAllowedFormActionDomain('thirdDomain'); + $expected->useStrictDynamic(true); $expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain;frame-ancestors 'self';form-action 'self' thirdDomain"; $this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy()); |