Establish CSP plugin
Change-Id: Iffb988f3c6a022ab20e64a1dcbd96f9cc6f96cb4
diff --git a/t/plugin/csp.t b/t/plugin/csp.t
new file mode 100644
index 0000000..6e15a61
--- /dev/null
+++ b/t/plugin/csp.t
@@ -0,0 +1,84 @@
+use Mojolicious::Lite;
+use Test::Mojo;
+use Test::More;
+
+my $t = Test::Mojo->new;
+
+plugin 'Kalamar::Plugin::CSP' => {
+ 'style-src' => ['self','unsafe-inline'],
+ 'script-src' => '*',
+ 'img-src' => ['self', 'data:']
+};
+
+get '/' => sub {
+ shift->render(text => 'hello world');
+};
+
+my $csp = 'Content-Security-Policy';
+
+$t->get_ok('/')
+ ->status_is(200)
+ ->content_is('hello world')
+ ->header_is($csp, "img-src 'self' data:;script-src *;style-src 'self' 'unsafe-inline';")
+ ;
+
+$t->app->csp->add('img-src' => 'stats.ids-mannheim.de');
+
+$t->get_ok('/')
+ ->status_is(200)
+ ->content_is('hello world')
+ ->header_is($csp, "img-src 'self' data: stats.ids-mannheim.de;script-src *;style-src 'self' 'unsafe-inline';")
+ ;
+
+$t->get_ok('/')
+ ->status_is(200)
+ ->content_is('hello world')
+ ->header_is($csp, "img-src 'self' data: stats.ids-mannheim.de;script-src *;style-src 'self' 'unsafe-inline';")
+ ;
+
+$t->app->csp->add('img-src' => 'stats.ids-mannheim.de');
+
+$t->get_ok('/')
+ ->status_is(200)
+ ->content_is('hello world')
+ ->header_is($csp, "img-src 'self' data: stats.ids-mannheim.de;script-src *;style-src 'self' 'unsafe-inline';")
+ ;
+
+$t->app->csp->add('script-src' => '*');
+
+$t->get_ok('/')
+ ->status_is(200)
+ ->content_is('hello world')
+ ->header_is($csp, "img-src 'self' data: stats.ids-mannheim.de;script-src *;style-src 'self' 'unsafe-inline';")
+ ;
+
+
+# New
+$t = Test::Mojo->new;
+$t->app->config(
+ CSP => {
+ 'style-src' => ['self','unsafe-inline'],
+ 'img-src' => ['self', 'data:']
+ }
+);
+
+$t->app->plugin('Kalamar::Plugin::CSP' => {
+ 'script-src' => '*',
+ 'img-src' => 'self'
+});
+
+$t->app->routes->get('/n')->to(
+ cb => sub {
+ shift->render(text => 'hello world');
+ }
+);
+
+$t->get_ok('/n')
+ ->status_is(200)
+ ->content_is('hello world')
+ ->header_is($csp, "img-src 'self' data:;script-src *;style-src 'self' 'unsafe-inline';")
+ ;
+
+
+done_testing;
+__END__
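Review bot: In the second scenario (under `# New`) the plugin parameter `'img-src' => 'self'` is a subset of the configured `['self', 'data:']`, so the final `header_is` passes whether the app config overrides the parameter or the two are merged. For a security header that precedence should be pinned: give the parameter a source the config lacks, for example `'img-src' => 'img.example.org'` (constructed value), and assert the exact header the plugin is meant to emit. The `csp->add` calls only exercise duplicate values; a case that passes a value containing `;` or a line break would pin that such input cannot introduce an extra directive or header line, though the plugin code is outside this hunk, so it may already be rejected. Replacing `# New` with a comment that states the intended rule, such as `# Sources from app config and plugin parameters are combined` (adjusted to the actual rule), would document what the last assertion is checking.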