public void SetCspDirectiveConfig_CommonCspDirectives_NoException([ValueSource(typeof(CspCommonDirectives), "Directives")] CspDirectives directive)
{
var config = new CspConfiguration();
var directiveConfig = new CspDirectiveConfiguration();
Assert.DoesNotThrow(() => _mapper.SetCspDirectiveConfig(config, directive, directiveConfig));
}
public ICspConfiguration GetCspConfigWithOverrides([NotNull]HttpContextBase context, bool reportOnly)
{
var overrides = _contextConfigurationHelper.GetCspConfigurationOverride(context, reportOnly, true);
//No overrides
if (overrides == null)
{
return null;
}
var newConfig = new CspConfiguration(false);
var originalConfig = _contextConfigurationHelper.GetCspConfiguration(context, reportOnly);
//We might be "attributes only", so no other config around.
if (originalConfig != null)
{
_configMapper.MergeConfiguration(originalConfig, newConfig);
}
//Deal with header override
_configMapper.MergeOverrides(overrides, newConfig);
return newConfig;
}
public void AddCspHeaders_EnabledButNoDirectivesOrReportUriEnabled_ReturnsEmptyResults([Values(false, true)]bool reportOnly)
{
var cspConfig = new CspConfiguration { Enabled = true };
var result = _generator.CreateCspResult(cspConfig, reportOnly);
Assert.IsNull(result);
}
public void AddCspHeaders_Disabled_ReturnsEmptyResults([Values(false, true)]bool reportOnly)
{
var cspConfig = new CspConfiguration { Enabled = false, DefaultSrcDirective = { SelfSrc = true } };
var result = _generator.CreateCspResult(cspConfig, reportOnly);
Assert.IsNull(result);
}
public void AddCspHeaders_DisabledButNoncesPresent_ReturnsEmptyResults([Values(false, true)]bool reportOnly)
{
var cspConfig = new CspConfiguration { Enabled = false, ScriptSrcDirective = { Nonce = "Heyhey" } };
var result = _generator.CreateCspResult(cspConfig, reportOnly);
Assert.IsNull(result);
}
public void GetCspDirectiveConfigCloned_NoDirective_ReturnsNull()
{
var config = new CspConfiguration(false);
var mapper = new CspConfigMapper();
var clone = mapper.GetCspDirectiveConfigCloned(config, CspDirectives.ScriptSrc);
Assert.IsNull(clone);
}
public void GetCspDirectiveConfigCloned_DefaultDirective_ClonesDirective()
{
var directive = new CspDirectiveConfiguration();
var config = new CspConfiguration(false) { ScriptSrcDirective = directive };
var mapper = new CspConfigMapper();
var clone = mapper.GetCspDirectiveConfigCloned(config, CspDirectives.ScriptSrc);
Assert.AreNotSame(directive, clone);
Assert.That(clone, Is.EqualTo(directive).Using(new CspDirectiveConfigurationComparer()));
}
public void AddCspHeaders_CspDirectiveWithTwoSources_ReturnsSetCspCorrectlyFormattedDirectiveResult([Values(false, true)]bool reportOnly)
{
var cspConfig = new CspConfiguration { Enabled = true, DefaultSrcDirective = { SelfSrc = true } };
cspConfig.DefaultSrcDirective.CustomSources = new[] { "nwebsec.codeplex.com" };
var result = _generator.CreateCspResult(cspConfig, reportOnly);
Assert.IsNotNull(result);
Assert.AreEqual(HeaderResult.ResponseAction.Set, result.Action);
Assert.AreEqual(CspHeaderName(reportOnly), result.Name);
Assert.AreEqual("default-src 'self' nwebsec.codeplex.com", result.Value);
}
public void AddCspHeaders_CspEnabledWithChildSrc_ReturnsSetCspWithChildSrcResult([Values(false, true)]bool reportOnly)
{
var cspConfig = new CspConfiguration
{
Enabled = true,
ChildSrcDirective = { SelfSrc = true }
};
var result = _generator.CreateCspResult(cspConfig, reportOnly);
Assert.IsNotNull(result);
Assert.AreEqual(HeaderResult.ResponseAction.Set, result.Action);
Assert.AreEqual(CspHeaderName(reportOnly), result.Name);
Assert.AreEqual("child-src 'self'", result.Value);
}
public void GetCspElementWithOverrides_OverrideAndConfigFromContext_MergesConfigFromContextAndOverrides([Values(false, true)]bool reportOnly)
{
var cspConfig = new CspConfiguration();
var overrideConfig = new CspOverrideConfiguration();
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(cspConfig);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, true)).Returns(overrideConfig);
_directiveConfigMapper.Setup(m => m.MergeConfiguration(cspConfig, It.IsAny<ICspConfiguration>()));
_directiveConfigMapper.Setup(m => m.MergeOverrides(overrideConfig, It.IsAny<ICspConfiguration>()));
var overrideElement = CspConfigurationOverrideHelper.GetCspConfigWithOverrides(MockContext, reportOnly);
Assert.IsNotNull(overrideElement);
_directiveConfigMapper.Verify(m => m.MergeConfiguration(cspConfig, It.IsAny<ICspConfiguration>()), Times.Once);
_directiveConfigMapper.Verify(m => m.MergeOverrides(overrideConfig, It.IsAny<ICspConfiguration>()), Times.Once);
}
public void SetCspHeaders_OverrideAndSafari5_DoesNothing([Values(false, true)] bool reportOnly)
{
//Get ASP.NET stuff in order
var request = new Mock<HttpRequestBase>();
request.Setup(r => r.UserAgent).Returns("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2");
Mock.Get(_mockContext).Setup(c => c.Request).Returns(request.Object);
var contextConfig = new CspConfiguration();
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig);
_cspConfigurationOverrideHelper.Setup(h => h.GetCspConfigWithOverrides(It.IsAny<HttpContextBase>(), reportOnly)).Returns((CspConfiguration)null);
_overrideHelper.SetCspHeaders(_mockContext, reportOnly);
_headerGenerator.Verify(g => g.CreateCspResult(It.IsAny<ICspConfiguration>(), reportOnly, It.IsAny<string>(), It.IsAny<ICspConfiguration>()), Times.Never);
_headerResultHandler.Verify(h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), It.IsAny<HeaderResult>()), Times.Never);
}
public void SetCspHeaders_NoOverride_DoesNothing([Values(false, true)] bool reportOnly)
{
//Get ASP.NET stuff in order
var request = new Mock<HttpRequestBase>();
request.SetupAllProperties();
Mock.Get(_mockContext).Setup(c => c.Request).Returns(request.Object);
var contextConfig = new CspConfiguration();
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig);
_cspConfigurationOverrideHelper.Setup(h => h.GetCspConfigWithOverrides(It.IsAny<HttpContextBase>(), reportOnly)).Returns((CspConfiguration)null);
_overrideHelper.SetCspHeaders(_mockContext, reportOnly);
_headerGenerator.Verify(g => g.CreateCspResult(It.IsAny<ICspConfiguration>(),reportOnly, It.IsAny<string>(), It.IsAny<ICspConfiguration>()), Times.Never);
_headerResultHandler.Verify(h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), It.IsAny<HeaderResult>()), Times.Never);
}
public void GetCspDirectiveConfig_DirectiveSet_ReturnsDirective()
{
var directives = CspCommonDirectives.Directives().ToArray();
var config = new CspConfiguration(false);
foreach (var directive in directives)
{
_mapper.SetCspDirectiveConfig(config, directive, new CspDirectiveConfiguration { Nonce = directive.ToString() });
}
foreach (var directive in directives)
{
var directiveConfig = _mapper.GetCspDirectiveConfig(config, directive);
Assert.IsNotNull(directiveConfig);
Assert.AreEqual(directive.ToString(), directiveConfig.Nonce);
}
}
public void AddCspHeaders_CspEnabledWithBuiltinReportUri_ReturnsSetCspWithReportUriResult([Values(false, true)]bool reportOnly)
{
const string builtinReportHandlerUri = "/cspreport";
var cspConfig = new CspConfiguration
{
Enabled = true,
DefaultSrcDirective = { SelfSrc = true },
ReportUriDirective = { Enabled = true, EnableBuiltinHandler = true }
};
var result = _generator.CreateCspResult(cspConfig, reportOnly, builtinReportHandlerUri: builtinReportHandlerUri);
Assert.IsNotNull(result);
Assert.AreEqual(HeaderResult.ResponseAction.Set, result.Action);
Assert.AreEqual(CspHeaderName(reportOnly), result.Name);
Assert.AreEqual("default-src 'self';report-uri " + builtinReportHandlerUri, result.Value);
}
public void GetCspDirectiveConfigCloned_Configured_ClonesDirective()
{
var directive = new CspDirectiveConfiguration
{
Enabled = false,
NoneSrc = true,
SelfSrc = true,
UnsafeEvalSrc = true,
UnsafeInlineSrc = false,
CustomSources = new[] { "https://www.nwebsec.com", "www.klings.org" }
};
var config = new CspConfiguration(false) { ScriptSrcDirective = directive };
var mapper = new CspConfigMapper();
var clone = mapper.GetCspDirectiveConfigCloned(config, CspDirectives.ScriptSrc);
Assert.AreNotSame(directive, clone);
Assert.That(clone, Is.EqualTo(directive).Using(new CspDirectiveConfigurationComparer()));
}
public void TryUpgradeInsecureRequest_UpgradeEnabledAndUpgradableRequest_RedirectsAndReturnsTrue()
{
_response.Setup(r => r.AppendHeader(It.IsAny<string>(), It.IsAny<string>()));
_response.Setup(r => r.Redirect(It.IsAny<string>(), false));
_response.Setup(r => r.End());
SetRequestUri("http://www.nwebsec.com");
SetSecureConnection(false);
var cspConfig = new CspConfiguration
{
Enabled = true,
UpgradeInsecureRequestsDirective = { Enabled = true }
};
var helper = new CspUpgradeInsecureRequestHelper(cspConfig);
Assert.IsTrue(helper.TryUpgradeInsecureRequest(_context.Object));
_response.Verify(r => r.AppendHeader("Vary", "Upgrade-Insecure-Requests"), Times.Once);
_response.Verify(r => r.Redirect("https://www.nwebsec.com/", false), Times.Once);
_response.Verify(r => r.End(), Times.Once);
Assert.AreEqual(307, _response.Object.StatusCode);
}
public void GetCspSandboxConfigCloned_Configured_ClonesDirective()
{
var firstDirective = new CspSandboxDirectiveConfiguration
{
AllowForms = true,
AllowPointerLock = true,
AllowPopups = true
};
var firstConfig = new CspConfiguration(false) { SandboxDirective = firstDirective };
var secondDirective = new CspSandboxDirectiveConfiguration()
{
AllowSameOrigin = true,
AllowScripts = true,
AllowTopNavigation = true,
Enabled = true
};
var secondConfig = new CspConfiguration(false) { SandboxDirective = secondDirective };
var mapper = new CspConfigMapper();
var firstResult = mapper.GetCspSandboxConfigCloned(firstConfig);
var secondResult = mapper.GetCspSandboxConfigCloned(secondConfig);
Assert.That(firstResult, Is.EqualTo(firstDirective).Using(new CspSandboxDirectiveConfigurationComparer()));
Assert.That(secondResult, Is.EqualTo(secondDirective).Using(new CspSandboxDirectiveConfigurationComparer()));
}
public void GetCspStyleNonce_StyleNonceRequestedNoOverrides_ClonesBaseConfigAndOverridesNonce()
{
var cspConfig = new CspConfiguration();
var cspConfigReportOnly = new CspConfiguration();
var overrideConfig = new CspOverrideConfiguration();
var overrideConfigReportOnly = new CspOverrideConfiguration();
var clonedCspDirective = new CspDirectiveConfiguration();
var clonedCspReportOnlyDirective = new CspDirectiveConfiguration();
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), false)).Returns(cspConfig);
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), true)).Returns(cspConfigReportOnly);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), false, false)).Returns(overrideConfig);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), true, false)).Returns(overrideConfigReportOnly);
//No overrides
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc)).Returns((ICspDirectiveConfiguration)null);
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc)).Returns((ICspDirectiveConfiguration)null);
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfigCloned(cspConfig, CspDirectives.StyleSrc)).Returns(clonedCspDirective);
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfigCloned(cspConfigReportOnly, CspDirectives.StyleSrc)).Returns(clonedCspReportOnlyDirective);
_directiveConfigMapper.Setup(m => m.SetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc, clonedCspDirective));
_directiveConfigMapper.Setup(m => m.SetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc, clonedCspReportOnlyDirective));
var nonce = CspConfigurationOverrideHelper.GetCspStyleNonce(MockContext);
Assert.AreEqual(nonce, clonedCspDirective.Nonce);
Assert.AreEqual(nonce, clonedCspReportOnlyDirective.Nonce);
_directiveConfigMapper.Verify(m => m.SetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc, clonedCspDirective), Times.Once);
_directiveConfigMapper.Verify(m => m.SetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc, clonedCspReportOnlyDirective), Times.Once);
}
public void SetCspSandboxOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)]bool reportOnly)
{
var contextConfig = new CspConfiguration();
var overrideConfig = new CspOverrideConfiguration();
//Returns CSP config from context
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false)).Returns(overrideConfig);
//Returns cloned directive config from context config
var clonedContextDirective = new CspSandboxDirectiveConfiguration();
_directiveConfigMapper.Setup(m => m.GetCspSandboxConfigCloned(contextConfig)).Returns(clonedContextDirective);
//We need an override and a result.
var directiveOverride = new CspSandboxOverride();
var directiveOverrideResult = new CspSandboxDirectiveConfiguration();
_directiveOverrideHelper.Setup(h => h.GetOverridenCspSandboxConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult);
CspConfigurationOverrideHelper.SetCspSandboxOverride(MockContext, directiveOverride, reportOnly);
//Verify that the override result was set on the override config.
Assert.AreSame(directiveOverrideResult, overrideConfig.SandboxDirective);
}
public void SetCspDirectiveOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)]bool reportOnly,
[ValueSource(typeof(CspCommonDirectives), "Directives")] CspDirectives directive)
{
var contextConfig = new CspConfiguration();
var overrideConfig = new CspOverrideConfiguration();
//Returns CSP config from context
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false)).Returns(overrideConfig);
//There's no override for directive
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfig(overrideConfig, directive)).Returns((ICspDirectiveConfiguration)null);
//Returns cloned directive config from context config
var clonedContextDirective = new CspDirectiveConfiguration();
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfigCloned(contextConfig, directive)).Returns(clonedContextDirective);
//We need an override and a result.
var directiveOverride = new CspDirectiveOverride();
var directiveOverrideResult = new CspDirectiveConfiguration();
_directiveOverrideHelper.Setup(h => h.GetOverridenCspDirectiveConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult);
//This should be called at the very end
_directiveConfigMapper.Setup(m => m.SetCspDirectiveConfig(overrideConfig, directive, directiveOverrideResult));
CspConfigurationOverrideHelper.SetCspDirectiveOverride(MockContext, directive, directiveOverride, reportOnly);
//Verify that the override result was set on the override config.
_directiveConfigMapper.Verify(m => m.SetCspDirectiveConfig(overrideConfig, directive, directiveOverrideResult), Times.Once);
}
public void GetCspReportonlyConfiguration_NoOwinContext_ReturnsSystemWebConfig()
{
var config = new CspConfiguration();
_systemWebContext.CspReportOnly = config;
var result = _contextHelper.GetCspConfiguration(_mockContext, true);
Assert.AreSame(config, result);
}
public void GetCspReportonlyConfiguration_HasOwinConfig_ReturnsOwinConfig()
{
SetupOwinContext();
var config = new CspConfiguration();
_owinContext.CspReportOnly = config;
var result = _contextHelper.GetCspConfiguration(_mockContext, true);
Assert.AreSame(config, result);
}
public void MergeOverrides_HeaderNotConfiguredAndDirectivesConfigured_MergesDirectives()
{
var directives = CspCommonDirectives.Directives().ToArray();
var sourceConfig = new CspOverrideConfiguration { Enabled = false, EnabledOverride = false };
foreach (var directive in directives)
{
_mapper.SetCspDirectiveConfig(sourceConfig, directive, new CspDirectiveConfiguration { Nonce = directive.ToString() });
}
sourceConfig.PluginTypesDirective = new CspPluginTypesDirectiveConfiguration();
sourceConfig.SandboxDirective = new CspSandboxDirectiveConfiguration();
sourceConfig.ReportUriDirective = new CspReportUriDirectiveConfiguration();
var destinationConfig = new CspConfiguration(false) { Enabled = true };
_mapper.MergeOverrides(sourceConfig, destinationConfig);
Assert.IsTrue(destinationConfig.Enabled);
foreach (var directive in directives)
{
var directiveConfig = _mapper.GetCspDirectiveConfig(destinationConfig, directive);
Assert.IsNotNull(directiveConfig);
Assert.AreEqual(directive.ToString(), directiveConfig.Nonce);
}
Assert.AreSame(sourceConfig.PluginTypesDirective, destinationConfig.PluginTypesDirective);
Assert.AreSame(sourceConfig.SandboxDirective, destinationConfig.SandboxDirective);
Assert.AreSame(sourceConfig.ReportUriDirective, destinationConfig.ReportUriDirective);
}
public void MergeOverrides_HeaderConfiguredAndDirectivesNotConfigured_MergesHeaderConfigAndInitializesDirectives()
{
var sourceConfig = new CspOverrideConfiguration { Enabled = false, EnabledOverride = true };
var destinationConfig = new CspConfiguration(false) { Enabled = true };
_mapper.MergeOverrides(sourceConfig, destinationConfig);
var directives = CspCommonDirectives.Directives().ToArray();
Assert.IsFalse(destinationConfig.Enabled);
foreach (var directive in directives)
{
Assert.IsNotNull(_mapper.GetCspDirectiveConfig(destinationConfig, directive));
}
Assert.IsNotNull(destinationConfig.PluginTypesDirective);
Assert.IsNotNull(destinationConfig.SandboxDirective);
Assert.IsNotNull(destinationConfig.ReportUriDirective);
}
public void MergeConfiguration_SourceDirectivesMissingAndTargetDirectivesConfigured_MergesHeaderAttributesAndKeepsTargetDirectives()
{
var directives = CspCommonDirectives.Directives().ToArray();
var sourceConfig = new CspConfiguration(false) { Enabled = false };
var destinationConfig = new CspConfiguration { Enabled = true };
var expectedConfig = new CspConfiguration
{
Enabled = destinationConfig.Enabled,
PluginTypesDirective = destinationConfig.PluginTypesDirective,
SandboxDirective = destinationConfig.SandboxDirective,
ReportUriDirective = destinationConfig.ReportUriDirective
};
//Poor man's clone, to get directives from destinationconfig to expected config.
foreach (var directive in directives)
{
_mapper.SetCspDirectiveConfig(expectedConfig, directive, _mapper.GetCspDirectiveConfig(destinationConfig, directive));
}
_mapper.MergeConfiguration(sourceConfig, destinationConfig);
Assert.IsFalse(destinationConfig.Enabled);
foreach (var directive in directives)
{
Assert.AreSame(_mapper.GetCspDirectiveConfig(expectedConfig, directive), _mapper.GetCspDirectiveConfig(destinationConfig, directive));
}
Assert.AreSame(expectedConfig.PluginTypesDirective, destinationConfig.PluginTypesDirective);
Assert.AreSame(expectedConfig.SandboxDirective, destinationConfig.SandboxDirective);
Assert.AreSame(expectedConfig.ReportUriDirective, destinationConfig.ReportUriDirective);
}
public void MergeConfiguration_SourceDirectivesConfiguredAndTargetUninitialized_MergesHeaderAttributesAndSourceDirectives()
{
var sourceConfig = new CspConfiguration { Enabled = false };
var destinationConfig = new CspConfiguration(false) { Enabled = true };
_mapper.MergeConfiguration(sourceConfig, destinationConfig);
var directives = CspCommonDirectives.Directives().ToArray();
Assert.IsFalse(destinationConfig.Enabled);
foreach (var directive in directives)
{
Assert.AreSame(_mapper.GetCspDirectiveConfig(sourceConfig, directive), _mapper.GetCspDirectiveConfig(destinationConfig, directive));
}
Assert.AreSame(sourceConfig.PluginTypesDirective, destinationConfig.PluginTypesDirective);
Assert.AreSame(sourceConfig.SandboxDirective, destinationConfig.SandboxDirective);
Assert.AreSame(sourceConfig.ReportUriDirective, destinationConfig.ReportUriDirective);
}
public void GetCspSandboxConfigCloned_NoDirective_ReturnsNull()
{
var config = new CspConfiguration(false);
var mapper = new CspConfigMapper();
var clone = mapper.GetCspSandboxConfigCloned(config);
Assert.IsNull(clone);
}
public void SetCspHeaders_Override_CreatesAndHandlesHeaderResult([Values(false, true)] bool reportOnly)
{
//Get ASP.NET stuff in order
var request = new Mock<HttpRequestBase>();
request.SetupAllProperties();
Mock.Get(_mockContext).Setup(c => c.Request).Returns(request.Object);
const string reportUri = "/cspreport";
var contextConfig = new CspConfiguration();
var overrideConfig = new CspConfiguration();
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig);
_cspConfigurationOverrideHelper.Setup(h => h.GetCspConfigWithOverrides(It.IsAny<HttpContextBase>(), reportOnly)).Returns(overrideConfig);
_reportHelper.Setup(h => h.GetBuiltInCspReportHandlerRelativeUri()).Returns(reportUri);
_headerGenerator.Setup(g => g.CreateCspResult(overrideConfig, reportOnly, reportUri, contextConfig)).Returns(_expectedHeaderResult);
_overrideHelper.SetCspHeaders(_mockContext, reportOnly);
_headerResultHandler.Verify(h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), _expectedHeaderResult), Times.Once);
}
public void GetCspPluginTypesConfigCloned_Configured_ClonesDirective()
{
var firstDirective = new CspPluginTypesDirectiveConfiguration()
{
Enabled = false,
MediaTypes = new[] { "application/pdf" }
};
var firstConfig = new CspConfiguration(false) { PluginTypesDirective = firstDirective };
var secondDirective = new CspPluginTypesDirectiveConfiguration()
{
Enabled = true,
MediaTypes = new[] { "image/png", "application/pdf" }
};
var secondConfig = new CspConfiguration(false) { PluginTypesDirective = secondDirective };
var mapper = new CspConfigMapper();
var firstResult = mapper.GetCspPluginTypesConfigCloned(firstConfig);
var secondResult = mapper.GetCspPluginTypesConfigCloned(secondConfig);
Assert.That(firstResult, Is.EqualTo(firstDirective).Using(new CspPluginTypesDirectiveConfigurationComparer()));
Assert.That(secondResult, Is.EqualTo(secondDirective).Using(new CspPluginTypesDirectiveConfigurationComparer()));
}
public void TryUpgradeInsecureRequest_CspDisabledAndHttpRequest_ReturnsFalse()
{
SetSecureConnection(false);
var cspConfig = new CspConfiguration
{
Enabled = false,
UpgradeInsecureRequestsDirective = { Enabled = true }
};
var helper = new CspUpgradeInsecureRequestHelper(cspConfig);
Assert.IsFalse(helper.TryUpgradeInsecureRequest(_context.Object));
Assert.AreEqual(200, _response.Object.StatusCode);
}
