public async Task ContentSecurityPolicyMiddlewareTest_invoke_otherTypes()
{
// Arrange
var httpContext = new DefaultHttpContext();
httpContext.Request.Scheme = "http";
var authMiddleware = new ContentSecurityPolicyMiddleware((innerHttpContext) => Task.FromResult(0));
// Act
await authMiddleware.Invoke(httpContext);
// test
var referrerPolicy = httpContext.Response.Headers["Referrer-Policy"].ToString();
Assert.AreEqual("no-referrer", referrerPolicy);
var frameOptions = httpContext.Response.Headers["X-Frame-Options"].ToString();
Assert.AreEqual("DENY", frameOptions);
// X-Xss-Protection
var xssProtection = httpContext.Response.Headers["X-Xss-Protection"].ToString();
Assert.AreEqual("1; mode=block", xssProtection);
// X-Content-Type-Options
var contentTypeOptions = httpContext.Response.Headers["X-Content-Type-Options"].ToString();
Assert.AreEqual("nosniff", contentTypeOptions);
}
public async Task ContentSecurityPolicyMiddlewareTest_invoke_testContent()
{
// Arrange
var httpContext = new DefaultHttpContext();
httpContext.Request.Scheme = "http";
var authMiddleware = new ContentSecurityPolicyMiddleware(next: (innerHttpContext) => Task.FromResult(0));
// Act
await authMiddleware.Invoke(httpContext);
//test
var csp = httpContext.Response.Headers["Content-Security-Policy"].ToString();
Assert.AreEqual(true, csp.Contains("default-src"));
Assert.AreEqual(true, csp.Contains("ws://"));
}
public async Task invoke_httpsTest_websockets_localhostWithNoPort()
{
// Arrange
var httpContext = new DefaultHttpContext();
httpContext.Request.Scheme = "https";
httpContext.Request.Host = new HostString("localhost");
var authMiddleware = new ContentSecurityPolicyMiddleware(next: (innerHttpContext) => Task.FromResult(0));
// Act
await authMiddleware.Invoke(httpContext);
//test
var csp = httpContext.Response.Headers["Content-Security-Policy"].ToString();
Assert.AreEqual(true, csp.Contains("default-src"));
Assert.AreEqual(true, csp.Contains("wss://localhost"));
Assert.IsFalse(csp.Contains("wss://localhost:"));
}
