Added nonce helper to CSP plugin
Change-Id: I78b48e84222efe348abecb5d45d4f5c8d59d7335
diff --git a/t/plugin/csp.t b/t/plugin/csp.t
index 6e15a61..1031450 100644
--- a/t/plugin/csp.t
+++ b/t/plugin/csp.t
@@ -80,5 +80,75 @@
;
+$t = Test::Mojo->new(Mojolicious::Lite->new);
+$t->app->plugin('Kalamar::Plugin::CSP');
+$t->app->routes->get('/nononce')->to(
+ cb => sub {
+ shift->render(inline => 'Hallo! <%= csp_nonce_tag %>');
+ }
+);
+
+$t->get_ok('/nononce')
+ ->status_is(200)
+ ->content_is("Hallo! \n")
+ ->header_unlike($csp, qr!'nonce-.{20}'!)
+ ;
+
+$t->app->content_block(
+ 'nonce_js' => {
+ inline => 'console.log("Hallo")'
+ }
+);
+
+$t->get_ok('/nononce')
+ ->status_is(200)
+ ->content_is("Hallo! <!-- inline js permitted -->\n")
+ ->header_unlike($csp, qr!'nonce-.{20}'!)
+ ;
+
+# Test with nonce:
+$t = Test::Mojo->new(Mojolicious::Lite->new);
+$t->app->config(
+ CSP => {
+ 'style-src' => ['self'],
+ 'img-src' => ['self', 'data:'],
+ -with_nonce => 1
+ }
+);
+
+$t->app->plugin('Kalamar::Plugin::CSP');
+
+$t->app->routes->get('/nonce')->to(
+ cb => sub {
+ shift->render(inline => 'Hallo! <%= csp_nonce_tag %>');
+ }
+);
+
+$t->get_ok('/nonce')
+ ->status_is(200)
+ ->content_like(qr'Hallo!')
+ ->content_unlike(qr'<script nonce=".{20}">')
+ ->header_like($csp, qr!^img-src 'self' data:;script-src 'nonce-.{20}';style-src 'self';!)
+ ->tx->res->to_string;
+;
+
+$t->app->content_block(
+ 'nonce_js' => {
+ inline => 'console.log("Hallo")'
+ }
+);
+
+my $content = $t->get_ok('/nonce')
+ ->status_is(200)
+ ->content_like(qr'Hallo! <script nonce=".{20}">//<!\[CDATA\[\nconsole')
+ ->header_like($csp, qr!^img-src 'self' data:;script-src 'nonce-.{20}';style-src 'self';!)
+ ->tx->res->to_string;
+;
+
+$content =~ q!<script nonce="(.{20})"!;
+like($content, qr/nonce-\Q$1\E/);
+
+
+
done_testing;
__END__
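Review bot: Nothing in the added tests checks that the nonce differs between responses: both `/nonce` requests only match `'nonce-.{20}'`, so an implementation that issued the same value on every request would pass, although a repeated nonce gives no protection against injected inline scripts. The first `/nonce` chain already ends in `->tx->res->to_string;` with the result discarded; assign it with `my $first = $t->get_ok('/nonce')` and, after the second request, add `my ($n1) = $first =~ /'nonce-(.{20})'/;`, `my ($n2) = $content =~ /<script nonce="(.{20})"/;` and `isnt($n1, $n2, 'nonce is regenerated per request');` (this assumes Test::More is loaded above the hunk, as the existing `like` suggests). The match at `$content =~ q!<script nonce="(.{20})"!;` is also unchecked, so `$1` would be undefined on a miss and the following `like` would reduce to `qr/nonce-/`. Using the list-assignment form with `ok(defined $n2, ...)` and giving the final `like` a description would make a failure there readable.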