public void EnrichDoesntAddHeaderIfHstsNotEnabled() { var mockResponse = new Mock <HttpResponseBase>(); var mockRequest = new Mock <HttpRequestBase>(); var mockSecurityEvaluator = new Mock <ISecurityEvaluator>(); var enricher = new HstsResponseEnricher(); var settings = new Settings { EnableHsts = false, HstsMaxAge = 42 }; mockSecurityEvaluator.Setup(e => e.IsSecureConnection(mockRequest.Object, settings)).Returns(true); enricher.Enrich(mockResponse.Object, mockRequest.Object, mockSecurityEvaluator.Object, settings); mockResponse.Verify(resp => resp.AddHeader(It.IsAny <string>(), It.IsAny <string>()), Times.Never()); }
public void EnrichAddsHstsHeaderWithMaxAge() { const int HstsMaxAge = 42; var mockResponse = new Mock <HttpResponseBase>(); var mockRequest = new Mock <HttpRequestBase>(); var mockSecurityEvaluator = new Mock <ISecurityEvaluator>(); var enricher = new HstsResponseEnricher(); var settings = new Settings { EnableHsts = true, HstsMaxAge = HstsMaxAge }; mockSecurityEvaluator.Setup(e => e.IsSecureConnection(mockRequest.Object, settings)).Returns(true); enricher.Enrich(mockResponse.Object, mockRequest.Object, mockSecurityEvaluator.Object, settings); mockResponse.Verify(resp => resp.AddHeader("Strict-Transport-Security", string.Format("max-age={0:f0}", HstsMaxAge))); }