# frozen_string_literal: true
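module ContentSecurityPolicyHelpers
  # Makes the next instance of +controller_class+ return +csp+ from
  # +current_content_security_policy+ and sets a message expectation on how
  # often that method is called.
  #
  # Expecting 2 calls to current_content_security_policy by default:
  # 1. call that's being tested
  # 2. call in ApplicationController
  #
  # NOTE(review): expect_next_instance_of is not defined in this module; it is
  # presumably a spec support helper provided by the including example group.
  #
  # @param controller_class [Class] controller whose next instance is stubbed
  # @param csp [ActionDispatch::ContentSecurityPolicy] policy handed back to
  #   the controller; defaults to a freshly constructed policy
  # @param times [Integer] exact number of expected calls; ignored when
  #   +any_time+ is true
  # @param any_time [Boolean] when true, only require at least one call
  def setup_csp_for_controller(
    controller_class, csp = ActionDispatch::ContentSecurityPolicy.new, times: 2,
    any_time: false)
    expect_next_instance_of(controller_class) do |controller|
      if any_time
        expect(controller).to receive(:current_content_security_policy).at_least(:once).and_return(csp)
      else
        expect(controller)
          .to receive(:current_content_security_policy).exactly(times).times
          .and_return(csp)
      end
    end
  end

  # Finds the given csp directive values as an array
  #
  # Only the enforcing `Content-Security-Policy` response header is read; a
  # policy delivered via `Content-Security-Policy-Report-Only` is not seen.
  #
  # The directive name must match +key+ exactly. A prefix match would let
  # 'script-src' pick up 'script-src-elem' or 'script-src-attr' when one of
  # those comes first in the header, so a spec could end up asserting on the
  # wrong directive.
  #
  # Example:
  # ```
  # find_csp_directive('connect-src')
  # ```
  #
  # @param key [String] directive name, e.g. 'connect-src'
  # @return [Array<String>] the directive's source values, without its name
  # @raise [NoMethodError] when the header is missing or does not contain the
  #   directive. This is deliberate: returning an empty array would let
  #   negative assertions (`not_to include(...)`) pass without any policy
  #   being present.
  def find_csp_directive(key)
    csp = response.headers['Content-Security-Policy']

    # Transform "default-src foo bar; connect-src foo bar; script-src ..."
    # into [name, value, ...] token lists, then pick the list whose name is
    # exactly the requested directive and drop the name itself.
    csp.split(';')
      .map { |entry| entry.split(' ') }
      .find { |name, *_values| name == key }
      .drop(1)
  end
end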