public void GetCspReportFromRequest_FromChrome_ReadsCspReportFromRequest()
{
var helper = new CspReportHelper();
var mockRequest = new Mock<HttpRequestBase>();
const string cspReport =
"{\"csp-report\":{\"document-uri\":\"http://localhost/NWebsecMvc3\",\"violated-directive\":\"script-src 'none'\",\"original-policy\":\"script-src 'none'; report-uri /NWebsecMvc3/WebResource.axd?cspReport=true\",\"blocked-uri\":\"http://localhost/NWebsecMvc3/Scripts/jquery-1.7.1.min.js\"}}";
var cspReportBytes = Encoding.UTF8.GetBytes(cspReport);
using (var ms = new MemoryStream(cspReportBytes))
{
mockRequest.Setup(r => r.InputStream).Returns(ms);
CspViolationReport violationReport;
Assert.IsTrue(helper.TryGetCspReportFromRequest(mockRequest.Object, out violationReport));
var values = violationReport.Details;
Assert.IsNotNull(values);
Assert.AreEqual("http://localhost/NWebsecMvc3", values.DocumentUri);
Assert.AreEqual("script-src 'none'", values.ViolatedDirective);
Assert.AreEqual("script-src 'none'; report-uri /NWebsecMvc3/WebResource.axd?cspReport=true",
values.OriginalPolicy);
Assert.AreEqual("http://localhost/NWebsecMvc3/Scripts/jquery-1.7.1.min.js", values.BlockedUri);
Assert.AreEqual("", values.Referrer);
}
}
public void GetCspReportFromRequest_IncludesUserAgentInCspReport()
{
const string userAgent = "Opera, of course!";
var helper = new CspReportHelper();
var mockRequest = new Mock<HttpRequestBase>();
mockRequest.Setup(r => r.UserAgent).Returns(userAgent);
const string cspReport =
"{\"csp-report\":{\"document-uri\":\"http://localhost/NWebsecMvc3\",\"referrer\":\"\",\"blocked-uri\":\"http://localhost/NWebsecMvc3/Scripts/jquery-1.7.1.min.js\",\"violated-directive\":\"script-src 'none'\"}}";
var cspReportBytes = Encoding.UTF8.GetBytes(cspReport);
using (var ms = new MemoryStream(cspReportBytes))
{
mockRequest.Setup(r => r.InputStream).Returns(ms);
CspViolationReport violationReport;
Assert.IsTrue(helper.TryGetCspReportFromRequest(mockRequest.Object, out violationReport));
Assert.AreEqual(userAgent, violationReport.UserAgent);
}
}
