public void EnrichDoesntAddHeaderIfHstsNotEnabled()
{
var mockResponse = new Mock <HttpResponseBase>();
var mockRequest = new Mock <HttpRequestBase>();
var mockSecurityEvaluator = new Mock <ISecurityEvaluator>();
var enricher = new HstsResponseEnricher();
var settings = new Settings {
EnableHsts = false,
HstsMaxAge = 42
};
mockSecurityEvaluator.Setup(e => e.IsSecureConnection(mockRequest.Object, settings)).Returns(true);
enricher.Enrich(mockResponse.Object, mockRequest.Object, mockSecurityEvaluator.Object, settings);
mockResponse.Verify(resp => resp.AddHeader(It.IsAny <string>(), It.IsAny <string>()), Times.Never());
}
public void EnrichAddsHstsHeaderWithMaxAge()
{
const int HstsMaxAge = 42;
var mockResponse = new Mock <HttpResponseBase>();
var mockRequest = new Mock <HttpRequestBase>();
var mockSecurityEvaluator = new Mock <ISecurityEvaluator>();
var enricher = new HstsResponseEnricher();
var settings = new Settings {
EnableHsts = true,
HstsMaxAge = HstsMaxAge
};
mockSecurityEvaluator.Setup(e => e.IsSecureConnection(mockRequest.Object, settings)).Returns(true);
enricher.Enrich(mockResponse.Object, mockRequest.Object, mockSecurityEvaluator.Object, settings);
mockResponse.Verify(resp => resp.AddHeader("Strict-Transport-Security", string.Format("max-age={0:f0}", HstsMaxAge)));
}
