public void SetCspDirectiveConfig_CommonCspDirectives_NoException([ValueSource(typeof(CspCommonDirectives), "Directives")] CspDirectives directive) { var config = new CspConfiguration(); var directiveConfig = new CspDirectiveConfiguration(); Assert.DoesNotThrow(() => _mapper.SetCspDirectiveConfig(config, directive, directiveConfig)); }
public ICspConfiguration GetCspConfigWithOverrides([NotNull]HttpContextBase context, bool reportOnly) { var overrides = _contextConfigurationHelper.GetCspConfigurationOverride(context, reportOnly, true); //No overrides if (overrides == null) { return null; } var newConfig = new CspConfiguration(false); var originalConfig = _contextConfigurationHelper.GetCspConfiguration(context, reportOnly); //We might be "attributes only", so no other config around. if (originalConfig != null) { _configMapper.MergeConfiguration(originalConfig, newConfig); } //Deal with header override _configMapper.MergeOverrides(overrides, newConfig); return newConfig; }
public void AddCspHeaders_EnabledButNoDirectivesOrReportUriEnabled_ReturnsEmptyResults([Values(false, true)]bool reportOnly) { var cspConfig = new CspConfiguration { Enabled = true }; var result = _generator.CreateCspResult(cspConfig, reportOnly); Assert.IsNull(result); }
public void AddCspHeaders_Disabled_ReturnsEmptyResults([Values(false, true)]bool reportOnly) { var cspConfig = new CspConfiguration { Enabled = false, DefaultSrcDirective = { SelfSrc = true } }; var result = _generator.CreateCspResult(cspConfig, reportOnly); Assert.IsNull(result); }
public void AddCspHeaders_DisabledButNoncesPresent_ReturnsEmptyResults([Values(false, true)]bool reportOnly) { var cspConfig = new CspConfiguration { Enabled = false, ScriptSrcDirective = { Nonce = "Heyhey" } }; var result = _generator.CreateCspResult(cspConfig, reportOnly); Assert.IsNull(result); }
public void GetCspDirectiveConfigCloned_NoDirective_ReturnsNull() { var config = new CspConfiguration(false); var mapper = new CspConfigMapper(); var clone = mapper.GetCspDirectiveConfigCloned(config, CspDirectives.ScriptSrc); Assert.IsNull(clone); }
public void GetCspDirectiveConfigCloned_DefaultDirective_ClonesDirective() { var directive = new CspDirectiveConfiguration(); var config = new CspConfiguration(false) { ScriptSrcDirective = directive }; var mapper = new CspConfigMapper(); var clone = mapper.GetCspDirectiveConfigCloned(config, CspDirectives.ScriptSrc); Assert.AreNotSame(directive, clone); Assert.That(clone, Is.EqualTo(directive).Using(new CspDirectiveConfigurationComparer())); }
public void AddCspHeaders_CspDirectiveWithTwoSources_ReturnsSetCspCorrectlyFormattedDirectiveResult([Values(false, true)]bool reportOnly) { var cspConfig = new CspConfiguration { Enabled = true, DefaultSrcDirective = { SelfSrc = true } }; cspConfig.DefaultSrcDirective.CustomSources = new[] { "nwebsec.codeplex.com" }; var result = _generator.CreateCspResult(cspConfig, reportOnly); Assert.IsNotNull(result); Assert.AreEqual(HeaderResult.ResponseAction.Set, result.Action); Assert.AreEqual(CspHeaderName(reportOnly), result.Name); Assert.AreEqual("default-src 'self' nwebsec.codeplex.com", result.Value); }
public void AddCspHeaders_CspEnabledWithChildSrc_ReturnsSetCspWithChildSrcResult([Values(false, true)]bool reportOnly) { var cspConfig = new CspConfiguration { Enabled = true, ChildSrcDirective = { SelfSrc = true } }; var result = _generator.CreateCspResult(cspConfig, reportOnly); Assert.IsNotNull(result); Assert.AreEqual(HeaderResult.ResponseAction.Set, result.Action); Assert.AreEqual(CspHeaderName(reportOnly), result.Name); Assert.AreEqual("child-src 'self'", result.Value); }
public void GetCspElementWithOverrides_OverrideAndConfigFromContext_MergesConfigFromContextAndOverrides([Values(false, true)]bool reportOnly) { var cspConfig = new CspConfiguration(); var overrideConfig = new CspOverrideConfiguration(); _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(cspConfig); _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, true)).Returns(overrideConfig); _directiveConfigMapper.Setup(m => m.MergeConfiguration(cspConfig, It.IsAny<ICspConfiguration>())); _directiveConfigMapper.Setup(m => m.MergeOverrides(overrideConfig, It.IsAny<ICspConfiguration>())); var overrideElement = CspConfigurationOverrideHelper.GetCspConfigWithOverrides(MockContext, reportOnly); Assert.IsNotNull(overrideElement); _directiveConfigMapper.Verify(m => m.MergeConfiguration(cspConfig, It.IsAny<ICspConfiguration>()), Times.Once); _directiveConfigMapper.Verify(m => m.MergeOverrides(overrideConfig, It.IsAny<ICspConfiguration>()), Times.Once); }
public void SetCspHeaders_OverrideAndSafari5_DoesNothing([Values(false, true)] bool reportOnly) { //Get ASP.NET stuff in order var request = new Mock<HttpRequestBase>(); request.Setup(r => r.UserAgent).Returns("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"); Mock.Get(_mockContext).Setup(c => c.Request).Returns(request.Object); var contextConfig = new CspConfiguration(); _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig); _cspConfigurationOverrideHelper.Setup(h => h.GetCspConfigWithOverrides(It.IsAny<HttpContextBase>(), reportOnly)).Returns((CspConfiguration)null); _overrideHelper.SetCspHeaders(_mockContext, reportOnly); _headerGenerator.Verify(g => g.CreateCspResult(It.IsAny<ICspConfiguration>(), reportOnly, It.IsAny<string>(), It.IsAny<ICspConfiguration>()), Times.Never); _headerResultHandler.Verify(h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), It.IsAny<HeaderResult>()), Times.Never); }
public void SetCspHeaders_NoOverride_DoesNothing([Values(false, true)] bool reportOnly) { //Get ASP.NET stuff in order var request = new Mock<HttpRequestBase>(); request.SetupAllProperties(); Mock.Get(_mockContext).Setup(c => c.Request).Returns(request.Object); var contextConfig = new CspConfiguration(); _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig); _cspConfigurationOverrideHelper.Setup(h => h.GetCspConfigWithOverrides(It.IsAny<HttpContextBase>(), reportOnly)).Returns((CspConfiguration)null); _overrideHelper.SetCspHeaders(_mockContext, reportOnly); _headerGenerator.Verify(g => g.CreateCspResult(It.IsAny<ICspConfiguration>(),reportOnly, It.IsAny<string>(), It.IsAny<ICspConfiguration>()), Times.Never); _headerResultHandler.Verify(h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), It.IsAny<HeaderResult>()), Times.Never); }
public void GetCspDirectiveConfig_DirectiveSet_ReturnsDirective() { var directives = CspCommonDirectives.Directives().ToArray(); var config = new CspConfiguration(false); foreach (var directive in directives) { _mapper.SetCspDirectiveConfig(config, directive, new CspDirectiveConfiguration { Nonce = directive.ToString() }); } foreach (var directive in directives) { var directiveConfig = _mapper.GetCspDirectiveConfig(config, directive); Assert.IsNotNull(directiveConfig); Assert.AreEqual(directive.ToString(), directiveConfig.Nonce); } }
public void AddCspHeaders_CspEnabledWithBuiltinReportUri_ReturnsSetCspWithReportUriResult([Values(false, true)]bool reportOnly) { const string builtinReportHandlerUri = "/cspreport"; var cspConfig = new CspConfiguration { Enabled = true, DefaultSrcDirective = { SelfSrc = true }, ReportUriDirective = { Enabled = true, EnableBuiltinHandler = true } }; var result = _generator.CreateCspResult(cspConfig, reportOnly, builtinReportHandlerUri: builtinReportHandlerUri); Assert.IsNotNull(result); Assert.AreEqual(HeaderResult.ResponseAction.Set, result.Action); Assert.AreEqual(CspHeaderName(reportOnly), result.Name); Assert.AreEqual("default-src 'self';report-uri " + builtinReportHandlerUri, result.Value); }
public void GetCspDirectiveConfigCloned_Configured_ClonesDirective() { var directive = new CspDirectiveConfiguration { Enabled = false, NoneSrc = true, SelfSrc = true, UnsafeEvalSrc = true, UnsafeInlineSrc = false, CustomSources = new[] { "https://www.nwebsec.com", "www.klings.org" } }; var config = new CspConfiguration(false) { ScriptSrcDirective = directive }; var mapper = new CspConfigMapper(); var clone = mapper.GetCspDirectiveConfigCloned(config, CspDirectives.ScriptSrc); Assert.AreNotSame(directive, clone); Assert.That(clone, Is.EqualTo(directive).Using(new CspDirectiveConfigurationComparer())); }
public void TryUpgradeInsecureRequest_UpgradeEnabledAndUpgradableRequest_RedirectsAndReturnsTrue() { _response.Setup(r => r.AppendHeader(It.IsAny<string>(), It.IsAny<string>())); _response.Setup(r => r.Redirect(It.IsAny<string>(), false)); _response.Setup(r => r.End()); SetRequestUri("http://www.nwebsec.com"); SetSecureConnection(false); var cspConfig = new CspConfiguration { Enabled = true, UpgradeInsecureRequestsDirective = { Enabled = true } }; var helper = new CspUpgradeInsecureRequestHelper(cspConfig); Assert.IsTrue(helper.TryUpgradeInsecureRequest(_context.Object)); _response.Verify(r => r.AppendHeader("Vary", "Upgrade-Insecure-Requests"), Times.Once); _response.Verify(r => r.Redirect("https://www.nwebsec.com/", false), Times.Once); _response.Verify(r => r.End(), Times.Once); Assert.AreEqual(307, _response.Object.StatusCode); }
public void GetCspSandboxConfigCloned_Configured_ClonesDirective() { var firstDirective = new CspSandboxDirectiveConfiguration { AllowForms = true, AllowPointerLock = true, AllowPopups = true }; var firstConfig = new CspConfiguration(false) { SandboxDirective = firstDirective }; var secondDirective = new CspSandboxDirectiveConfiguration() { AllowSameOrigin = true, AllowScripts = true, AllowTopNavigation = true, Enabled = true }; var secondConfig = new CspConfiguration(false) { SandboxDirective = secondDirective }; var mapper = new CspConfigMapper(); var firstResult = mapper.GetCspSandboxConfigCloned(firstConfig); var secondResult = mapper.GetCspSandboxConfigCloned(secondConfig); Assert.That(firstResult, Is.EqualTo(firstDirective).Using(new CspSandboxDirectiveConfigurationComparer())); Assert.That(secondResult, Is.EqualTo(secondDirective).Using(new CspSandboxDirectiveConfigurationComparer())); }
public void GetCspStyleNonce_StyleNonceRequestedNoOverrides_ClonesBaseConfigAndOverridesNonce() { var cspConfig = new CspConfiguration(); var cspConfigReportOnly = new CspConfiguration(); var overrideConfig = new CspOverrideConfiguration(); var overrideConfigReportOnly = new CspOverrideConfiguration(); var clonedCspDirective = new CspDirectiveConfiguration(); var clonedCspReportOnlyDirective = new CspDirectiveConfiguration(); _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), false)).Returns(cspConfig); _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), true)).Returns(cspConfigReportOnly); _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), false, false)).Returns(overrideConfig); _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), true, false)).Returns(overrideConfigReportOnly); //No overrides _directiveConfigMapper.Setup(m => m.GetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc)).Returns((ICspDirectiveConfiguration)null); _directiveConfigMapper.Setup(m => m.GetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc)).Returns((ICspDirectiveConfiguration)null); _directiveConfigMapper.Setup(m => m.GetCspDirectiveConfigCloned(cspConfig, CspDirectives.StyleSrc)).Returns(clonedCspDirective); _directiveConfigMapper.Setup(m => m.GetCspDirectiveConfigCloned(cspConfigReportOnly, CspDirectives.StyleSrc)).Returns(clonedCspReportOnlyDirective); _directiveConfigMapper.Setup(m => m.SetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc, clonedCspDirective)); _directiveConfigMapper.Setup(m => m.SetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc, clonedCspReportOnlyDirective)); var nonce = CspConfigurationOverrideHelper.GetCspStyleNonce(MockContext); Assert.AreEqual(nonce, clonedCspDirective.Nonce); Assert.AreEqual(nonce, clonedCspReportOnlyDirective.Nonce); _directiveConfigMapper.Verify(m => m.SetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc, clonedCspDirective), Times.Once); _directiveConfigMapper.Verify(m => m.SetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc, clonedCspReportOnlyDirective), Times.Once); }
public void SetCspSandboxOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)]bool reportOnly) { var contextConfig = new CspConfiguration(); var overrideConfig = new CspOverrideConfiguration(); //Returns CSP config from context _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig); _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false)).Returns(overrideConfig); //Returns cloned directive config from context config var clonedContextDirective = new CspSandboxDirectiveConfiguration(); _directiveConfigMapper.Setup(m => m.GetCspSandboxConfigCloned(contextConfig)).Returns(clonedContextDirective); //We need an override and a result. var directiveOverride = new CspSandboxOverride(); var directiveOverrideResult = new CspSandboxDirectiveConfiguration(); _directiveOverrideHelper.Setup(h => h.GetOverridenCspSandboxConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult); CspConfigurationOverrideHelper.SetCspSandboxOverride(MockContext, directiveOverride, reportOnly); //Verify that the override result was set on the override config. Assert.AreSame(directiveOverrideResult, overrideConfig.SandboxDirective); }
public void SetCspDirectiveOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)]bool reportOnly, [ValueSource(typeof(CspCommonDirectives), "Directives")] CspDirectives directive) { var contextConfig = new CspConfiguration(); var overrideConfig = new CspOverrideConfiguration(); //Returns CSP config from context _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig); _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false)).Returns(overrideConfig); //There's no override for directive _directiveConfigMapper.Setup(m => m.GetCspDirectiveConfig(overrideConfig, directive)).Returns((ICspDirectiveConfiguration)null); //Returns cloned directive config from context config var clonedContextDirective = new CspDirectiveConfiguration(); _directiveConfigMapper.Setup(m => m.GetCspDirectiveConfigCloned(contextConfig, directive)).Returns(clonedContextDirective); //We need an override and a result. var directiveOverride = new CspDirectiveOverride(); var directiveOverrideResult = new CspDirectiveConfiguration(); _directiveOverrideHelper.Setup(h => h.GetOverridenCspDirectiveConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult); //This should be called at the very end _directiveConfigMapper.Setup(m => m.SetCspDirectiveConfig(overrideConfig, directive, directiveOverrideResult)); CspConfigurationOverrideHelper.SetCspDirectiveOverride(MockContext, directive, directiveOverride, reportOnly); //Verify that the override result was set on the override config. _directiveConfigMapper.Verify(m => m.SetCspDirectiveConfig(overrideConfig, directive, directiveOverrideResult), Times.Once); }
public void GetCspReportonlyConfiguration_NoOwinContext_ReturnsSystemWebConfig() { var config = new CspConfiguration(); _systemWebContext.CspReportOnly = config; var result = _contextHelper.GetCspConfiguration(_mockContext, true); Assert.AreSame(config, result); }
public void GetCspReportonlyConfiguration_HasOwinConfig_ReturnsOwinConfig() { SetupOwinContext(); var config = new CspConfiguration(); _owinContext.CspReportOnly = config; var result = _contextHelper.GetCspConfiguration(_mockContext, true); Assert.AreSame(config, result); }
public void MergeOverrides_HeaderNotConfiguredAndDirectivesConfigured_MergesDirectives() { var directives = CspCommonDirectives.Directives().ToArray(); var sourceConfig = new CspOverrideConfiguration { Enabled = false, EnabledOverride = false }; foreach (var directive in directives) { _mapper.SetCspDirectiveConfig(sourceConfig, directive, new CspDirectiveConfiguration { Nonce = directive.ToString() }); } sourceConfig.PluginTypesDirective = new CspPluginTypesDirectiveConfiguration(); sourceConfig.SandboxDirective = new CspSandboxDirectiveConfiguration(); sourceConfig.ReportUriDirective = new CspReportUriDirectiveConfiguration(); var destinationConfig = new CspConfiguration(false) { Enabled = true }; _mapper.MergeOverrides(sourceConfig, destinationConfig); Assert.IsTrue(destinationConfig.Enabled); foreach (var directive in directives) { var directiveConfig = _mapper.GetCspDirectiveConfig(destinationConfig, directive); Assert.IsNotNull(directiveConfig); Assert.AreEqual(directive.ToString(), directiveConfig.Nonce); } Assert.AreSame(sourceConfig.PluginTypesDirective, destinationConfig.PluginTypesDirective); Assert.AreSame(sourceConfig.SandboxDirective, destinationConfig.SandboxDirective); Assert.AreSame(sourceConfig.ReportUriDirective, destinationConfig.ReportUriDirective); }
public void MergeOverrides_HeaderConfiguredAndDirectivesNotConfigured_MergesHeaderConfigAndInitializesDirectives() { var sourceConfig = new CspOverrideConfiguration { Enabled = false, EnabledOverride = true }; var destinationConfig = new CspConfiguration(false) { Enabled = true }; _mapper.MergeOverrides(sourceConfig, destinationConfig); var directives = CspCommonDirectives.Directives().ToArray(); Assert.IsFalse(destinationConfig.Enabled); foreach (var directive in directives) { Assert.IsNotNull(_mapper.GetCspDirectiveConfig(destinationConfig, directive)); } Assert.IsNotNull(destinationConfig.PluginTypesDirective); Assert.IsNotNull(destinationConfig.SandboxDirective); Assert.IsNotNull(destinationConfig.ReportUriDirective); }
public void MergeConfiguration_SourceDirectivesMissingAndTargetDirectivesConfigured_MergesHeaderAttributesAndKeepsTargetDirectives() { var directives = CspCommonDirectives.Directives().ToArray(); var sourceConfig = new CspConfiguration(false) { Enabled = false }; var destinationConfig = new CspConfiguration { Enabled = true }; var expectedConfig = new CspConfiguration { Enabled = destinationConfig.Enabled, PluginTypesDirective = destinationConfig.PluginTypesDirective, SandboxDirective = destinationConfig.SandboxDirective, ReportUriDirective = destinationConfig.ReportUriDirective }; //Poor man's clone, to get directives from destinationconfig to expected config. foreach (var directive in directives) { _mapper.SetCspDirectiveConfig(expectedConfig, directive, _mapper.GetCspDirectiveConfig(destinationConfig, directive)); } _mapper.MergeConfiguration(sourceConfig, destinationConfig); Assert.IsFalse(destinationConfig.Enabled); foreach (var directive in directives) { Assert.AreSame(_mapper.GetCspDirectiveConfig(expectedConfig, directive), _mapper.GetCspDirectiveConfig(destinationConfig, directive)); } Assert.AreSame(expectedConfig.PluginTypesDirective, destinationConfig.PluginTypesDirective); Assert.AreSame(expectedConfig.SandboxDirective, destinationConfig.SandboxDirective); Assert.AreSame(expectedConfig.ReportUriDirective, destinationConfig.ReportUriDirective); }
public void MergeConfiguration_SourceDirectivesConfiguredAndTargetUninitialized_MergesHeaderAttributesAndSourceDirectives() { var sourceConfig = new CspConfiguration { Enabled = false }; var destinationConfig = new CspConfiguration(false) { Enabled = true }; _mapper.MergeConfiguration(sourceConfig, destinationConfig); var directives = CspCommonDirectives.Directives().ToArray(); Assert.IsFalse(destinationConfig.Enabled); foreach (var directive in directives) { Assert.AreSame(_mapper.GetCspDirectiveConfig(sourceConfig, directive), _mapper.GetCspDirectiveConfig(destinationConfig, directive)); } Assert.AreSame(sourceConfig.PluginTypesDirective, destinationConfig.PluginTypesDirective); Assert.AreSame(sourceConfig.SandboxDirective, destinationConfig.SandboxDirective); Assert.AreSame(sourceConfig.ReportUriDirective, destinationConfig.ReportUriDirective); }
public void GetCspSandboxConfigCloned_NoDirective_ReturnsNull() { var config = new CspConfiguration(false); var mapper = new CspConfigMapper(); var clone = mapper.GetCspSandboxConfigCloned(config); Assert.IsNull(clone); }
public void SetCspHeaders_Override_CreatesAndHandlesHeaderResult([Values(false, true)] bool reportOnly) { //Get ASP.NET stuff in order var request = new Mock<HttpRequestBase>(); request.SetupAllProperties(); Mock.Get(_mockContext).Setup(c => c.Request).Returns(request.Object); const string reportUri = "/cspreport"; var contextConfig = new CspConfiguration(); var overrideConfig = new CspConfiguration(); _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig); _cspConfigurationOverrideHelper.Setup(h => h.GetCspConfigWithOverrides(It.IsAny<HttpContextBase>(), reportOnly)).Returns(overrideConfig); _reportHelper.Setup(h => h.GetBuiltInCspReportHandlerRelativeUri()).Returns(reportUri); _headerGenerator.Setup(g => g.CreateCspResult(overrideConfig, reportOnly, reportUri, contextConfig)).Returns(_expectedHeaderResult); _overrideHelper.SetCspHeaders(_mockContext, reportOnly); _headerResultHandler.Verify(h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), _expectedHeaderResult), Times.Once); }
public void GetCspPluginTypesConfigCloned_Configured_ClonesDirective() { var firstDirective = new CspPluginTypesDirectiveConfiguration() { Enabled = false, MediaTypes = new[] { "application/pdf" } }; var firstConfig = new CspConfiguration(false) { PluginTypesDirective = firstDirective }; var secondDirective = new CspPluginTypesDirectiveConfiguration() { Enabled = true, MediaTypes = new[] { "image/png", "application/pdf" } }; var secondConfig = new CspConfiguration(false) { PluginTypesDirective = secondDirective }; var mapper = new CspConfigMapper(); var firstResult = mapper.GetCspPluginTypesConfigCloned(firstConfig); var secondResult = mapper.GetCspPluginTypesConfigCloned(secondConfig); Assert.That(firstResult, Is.EqualTo(firstDirective).Using(new CspPluginTypesDirectiveConfigurationComparer())); Assert.That(secondResult, Is.EqualTo(secondDirective).Using(new CspPluginTypesDirectiveConfigurationComparer())); }
public void TryUpgradeInsecureRequest_CspDisabledAndHttpRequest_ReturnsFalse() { SetSecureConnection(false); var cspConfig = new CspConfiguration { Enabled = false, UpgradeInsecureRequestsDirective = { Enabled = true } }; var helper = new CspUpgradeInsecureRequestHelper(cspConfig); Assert.IsFalse(helper.TryUpgradeInsecureRequest(_context.Object)); Assert.AreEqual(200, _response.Object.StatusCode); }