/// <summary>
/// Checks the non-CSP hardening headers that <c>ContentSecurityPolicyMiddleware</c>
/// writes to the response for a plain-http request: Referrer-Policy,
/// X-Frame-Options, X-Xss-Protection and X-Content-Type-Options.
/// </summary>
public async Task ContentSecurityPolicyMiddlewareTest_invoke_otherTypes()
{
    // Arrange: an http request and a terminal pipeline step that does nothing.
    var context = new DefaultHttpContext();
    context.Request.Scheme = "http";
    var middleware = new ContentSecurityPolicyMiddleware(next: _ => Task.CompletedTask);

    // Act
    await middleware.Invoke(context);

    // Assert: each header is compared to its exact expected value, so a
    // weakened value fails the test instead of passing a presence check.
    var responseHeaders = context.Response.Headers;

    // Referrer-Policy: no referrer information is sent with outgoing requests.
    Assert.AreEqual("no-referrer", responseHeaders["Referrer-Policy"].ToString());

    // X-Frame-Options: the response may not be framed at all (clickjacking defence).
    Assert.AreEqual("DENY", responseHeaders["X-Frame-Options"].ToString());

    // X-Xss-Protection
    // NOTE(review): this is a legacy header; current browsers have dropped the
    // XSS auditor it controlled, so the Content-Security-Policy header is the
    // control that matters here. The assertion only pins the value the
    // middleware currently emits.
    Assert.AreEqual("1; mode=block", responseHeaders["X-Xss-Protection"].ToString());

    // X-Content-Type-Options: disables MIME sniffing of the response body.
    Assert.AreEqual("nosniff", responseHeaders["X-Content-Type-Options"].ToString());
}
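/// <summary>
/// Checks that, for a plain-http request, the Content-Security-Policy header
/// written by <c>ContentSecurityPolicyMiddleware</c> contains a
/// <c>default-src</c> directive and a <c>ws://</c> source.
/// </summary>
/// <remarks>
/// These are substring checks: they prove the tokens are present, not which
/// directive carries the <c>ws://</c> source or how restrictive
/// <c>default-src</c> is. The https test in this file covers the
/// <c>wss://</c> form of the source.
/// </remarks>
public async Task ContentSecurityPolicyMiddlewareTest_invoke_testContent()
{
    // Arrange: an http request and a terminal pipeline step that does nothing.
    var httpContext = new DefaultHttpContext();
    httpContext.Request.Scheme = "http";
    var middleware = new ContentSecurityPolicyMiddleware(next: _ => Task.CompletedTask);

    // Act
    await middleware.Invoke(httpContext);

    // Assert: IsTrue with the emitted header in the message, so a failure
    // shows the actual policy instead of "Expected:<True>. Actual:<False>".
    var csp = httpContext.Response.Headers["Content-Security-Policy"].ToString();
    Assert.IsTrue(csp.Contains("default-src"), $"Content-Security-Policy was: {csp}");

    // "ws://" is not a substring of "wss://", so this passes only when a
    // cleartext WebSocket source is present.
    Assert.IsTrue(csp.Contains("ws://"), $"Content-Security-Policy was: {csp}");
}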
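/// <summary>
/// Checks the WebSocket source in the Content-Security-Policy header for an
/// https request whose host is <c>localhost</c> with no port: the policy must
/// contain <c>wss://localhost</c> and must not contain
/// <c>wss://localhost:</c> (no port separator when there is no port).
/// </summary>
public async Task invoke_httpsTest_websockets_localhostWithNoPort()
{
    // Arrange: https scheme, host without a port, no-op terminal pipeline step.
    var httpContext = new DefaultHttpContext();
    httpContext.Request.Scheme = "https";
    httpContext.Request.Host = new HostString("localhost");
    var middleware = new ContentSecurityPolicyMiddleware(next: _ => Task.CompletedTask);

    // Act
    await middleware.Invoke(httpContext);

    // Assert: IsTrue/IsFalse throughout, with the emitted header in the
    // message so a failure shows the actual policy.
    var csp = httpContext.Response.Headers["Content-Security-Policy"].ToString();
    Assert.IsTrue(csp.Contains("default-src"), $"Content-Security-Policy was: {csp}");
    Assert.IsTrue(csp.Contains("wss://localhost"), $"Content-Security-Policy was: {csp}");

    // A source such as "wss://localhost:" is not a valid host-source, so the
    // policy must not carry a port separator for a port-less host.
    Assert.IsFalse(csp.Contains("wss://localhost:"), $"Content-Security-Policy was: {csp}");

    // NOTE(review): consider also asserting that the https policy carries no
    // cleartext "ws://" source; confirm against the middleware before adding.
}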