/// <summary>
/// With default <c>CspOptions</c> and no extra dependencies, the header written for a
/// <c>text/html</c> response contains the Crazy Egg wildcard source.
/// </summary>
public void ContentSecurityPolicyMiddleware_adds_CrazyEgg()
{
    // Arrange: an HTML response and a mocked hosting environment with no setups.
    var httpContext = new DefaultHttpContext();
    httpContext.Response.ContentType = "text/html";
    var hostingEnvironment = new Mock<IHostingEnvironment>();
    var options = new CspOptions();
    var dependencies = new List<ContentSecurityPolicyDependency>();

    // Act
    ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, options, dependencies);

    // Assert
    // NOTE(review): this is a substring match over the whole header, so it does not show
    // which directive carries the wildcard host; asserting on the specific directive would
    // catch the source being added to a broader directive than intended.
    string policy = httpContext.Response.Headers["Content-Security-Policy"].ToString();
    Assert.Contains("https://*.crazyegg.com", policy);
}
/// <summary>
/// A <c>text/plain</c> response must not receive a <c>Content-Security-Policy</c> header.
/// </summary>
public void ContentSecurityPolicyMiddleware_does_not_add_header_to_text_response()
{
    // Arrange: same inputs as the HTML tests, but with a non-HTML content type.
    var httpContext = new DefaultHttpContext();
    httpContext.Response.ContentType = "text/plain";
    var hostingEnvironment = new Mock<IHostingEnvironment>();
    var options = new CspOptions();
    var dependencies = new List<ContentSecurityPolicyDependency>();

    // Act
    ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, options, dependencies);

    // Assert: only the presence of the header matters, so the value is discarded.
    bool headerPresent = httpContext.Response.Headers.TryGetValue("Content-Security-Policy", out _);
    Assert.False(headerPresent);
}
/// <summary>
/// With default <c>CspOptions</c> and no extra dependencies, the header written for a
/// <c>text/html</c> response contains the <c>https://www.eastsussex.gov.uk</c> source.
/// </summary>
public void ContentSecurityPolicyMiddleware_adds_EastSussexGovUK_defaults()
{
    // Arrange
    var httpContext = new DefaultHttpContext();
    httpContext.Response.ContentType = "text/html";
    var hostingEnvironment = new Mock<IHostingEnvironment>();
    var options = new CspOptions();
    var dependencies = new List<ContentSecurityPolicyDependency>();

    // Act
    ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, options, dependencies);

    // Assert: substring match over the whole header value, not a specific directive.
    string policy = httpContext.Response.Headers["Content-Security-Policy"].ToString();
    Assert.Contains("https://www.eastsussex.gov.uk", policy);
}
/// <summary>
/// Options extended with <c>AddYouTube()</c> and passed to <c>AddHeader</c> result in a
/// header that contains the <c>https://www.youtube-nocookie.com</c> source.
/// </summary>
public void ContentSecurityPolicyMiddleware_adds_policy_from_startup()
{
    // Arrange
    var httpContext = new DefaultHttpContext();
    httpContext.Response.ContentType = "text/html";
    var hostingEnvironment = new Mock<IHostingEnvironment>();
    // The result of AddYouTube() is what gets passed as the options argument;
    // presumably it returns the same CspOptions instance - confirm against CspOptions.
    var startupOptions = new CspOptions().AddYouTube();
    var dependencies = new List<ContentSecurityPolicyDependency>();

    // Act
    ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, startupOptions, dependencies);

    // Assert: substring match over the whole header value, not a specific directive.
    string policy = httpContext.Response.Headers["Content-Security-Policy"].ToString();
    Assert.Contains("https://www.youtube-nocookie.com", policy);
}
/// <summary>
/// When the hosting environment reports <c>EnvironmentName.Production</c>, the header
/// written for a <c>text/html</c> response must not contain <c>https://localhost</c>.
/// </summary>
public void ContentSecurityPolicyMiddleware_excludes_localhost_in_production()
{
    // Arrange: the only test here that sets an environment name on the mock.
    var httpContext = new DefaultHttpContext();
    httpContext.Response.ContentType = "text/html";
    var hostingEnvironment = new Mock<IHostingEnvironment>();
    hostingEnvironment.Setup(env => env.EnvironmentName).Returns(EnvironmentName.Production);
    var options = new CspOptions();
    var dependencies = new List<ContentSecurityPolicyDependency>();

    // Act
    ContentSecurityPolicyMiddleware.AddHeader(httpContext, hostingEnvironment.Object, options, dependencies);

    // Assert
    // NOTE(review): only the "https://localhost" form is checked. A development source
    // written with another scheme (for example http:// or ws://) would not fail this
    // test; confirm which localhost forms the middleware can emit and cover them too.
    string policy = httpContext.Response.Headers["Content-Security-Policy"].ToString();
    Assert.DoesNotContain("https://localhost", policy);
}