// An HTML response built from default CspOptions and no extra dependencies must carry
        // a Content-Security-Policy header that mentions the CrazyEgg wildcard source.
        public void ContentSecurityPolicyMiddleware_adds_CrazyEgg()
        {
            var httpContext = new DefaultHttpContext();
            httpContext.Response.ContentType = "text/html";

            var hostingEnvironment = new Mock<IHostingEnvironment>();
            var options = new CspOptions();
            var dependencies = new List<ContentSecurityPolicyDependency>();

            ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, options, dependencies);

            // NOTE(review): this is a substring match over the whole header value, so it does not
            // pin which directive the wildcard source ends up in. A subdomain wildcard for a
            // third-party host is a broad grant; consider asserting on the specific directive.
            var policy = httpContext.Response.Headers["Content-Security-Policy"].ToString();
            Assert.Contains("https://*.crazyegg.com", policy);
        }
        // A response whose content type is text/plain must come back from AddHeader without
        // any Content-Security-Policy header.
        public void ContentSecurityPolicyMiddleware_does_not_add_header_to_text_response()
        {
            var httpContext = new DefaultHttpContext();
            httpContext.Response.ContentType = "text/plain";

            var hostingEnvironment = new Mock<IHostingEnvironment>();
            var options = new CspOptions();
            var dependencies = new List<ContentSecurityPolicyDependency>();

            ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, options, dependencies);

            // Only the presence of the header matters here, so the value is discarded.
            var headerPresent = httpContext.Response.Headers.TryGetValue("Content-Security-Policy", out _);
            Assert.False(headerPresent);
        }
        // With default CspOptions and no extra dependencies, the header written for an HTML
        // response must mention the organisation's own https://www.eastsussex.gov.uk origin.
        public void ContentSecurityPolicyMiddleware_adds_EastSussexGovUK_defaults()
        {
            var httpContext = new DefaultHttpContext();
            httpContext.Response.ContentType = "text/html";

            var hostingEnvironment = new Mock<IHostingEnvironment>();
            var options = new CspOptions();
            var dependencies = new List<ContentSecurityPolicyDependency>();

            ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, options, dependencies);

            // Substring match over the whole header: it proves the origin is present somewhere,
            // not which directive lists it.
            var policy = httpContext.Response.Headers["Content-Security-Policy"].ToString();
            Assert.Contains("https://www.eastsussex.gov.uk", policy);
        }
        // Options extended with AddYouTube() are handed to AddHeader; the resulting header for
        // an HTML response must mention https://www.youtube-nocookie.com.
        public void ContentSecurityPolicyMiddleware_adds_policy_from_startup()
        {
            var httpContext = new DefaultHttpContext();
            httpContext.Response.ContentType = "text/html";

            var hostingEnvironment = new Mock<IHostingEnvironment>();
            var startupOptions = new CspOptions().AddYouTube();
            var dependencies = new List<ContentSecurityPolicyDependency>();

            ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, startupOptions, dependencies);

            // NOTE(review): nothing here shows the host is absent without AddYouTube(); if the
            // defaults already list it, this test passes without exercising the startup options.
            // Confirm, or pair it with a negative assertion on default options.
            var policy = httpContext.Response.Headers["Content-Security-Policy"].ToString();
            Assert.Contains("https://www.youtube-nocookie.com", policy);
        }
        // When the hosting environment reports Production, the header written for an HTML
        // response must not mention https://localhost.
        public void ContentSecurityPolicyMiddleware_excludes_localhost_in_production()
        {
            var httpContext = new DefaultHttpContext();
            httpContext.Response.ContentType = "text/html";

            var hostingEnvironment = new Mock<IHostingEnvironment>();
            hostingEnvironment.Setup(env => env.EnvironmentName).Returns(EnvironmentName.Production);

            var options = new CspOptions();
            var dependencies = new List<ContentSecurityPolicyDependency>();

            ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, options, dependencies);

            // NOTE(review): the assertion covers the https scheme only. A production policy that
            // still listed localhost under another scheme, or a loopback address, would pass this
            // test. Consider asserting on the bare host name once the middleware's non-production
            // sources are confirmed.
            var policy = httpContext.Response.Headers["Content-Security-Policy"].ToString();
            Assert.DoesNotContain("https://localhost", policy);
        }