public async Task PermissionsPolicyHeaderShouldBeAdded(string[] permissionsPolicies, string expectedValue)
{
// Arrange
var options = new SecurityHeadersOptions
{
PermissionsPolicy = permissionsPolicies
};
var middleware = new SecurityHeadersMiddleware(options, Request);
var context = new DefaultHttpContext();
// Act
await middleware.Invoke(context);
// Assert
Assert.True(context.Response.Headers.ContainsKey(SecurityHeaderNames.PermissionsPolicy));
Assert.Equal(expectedValue, context.Response.Headers[SecurityHeaderNames.PermissionsPolicy]);
}
public async Task ContentTypeOptionsHeaderShouldBeAdded()
{
// Arrange
var options = new SecurityHeadersOptions
{
ContentTypeOptions = ContentTypeOptionsValue.NoSniff
};
var middleware = new SecurityHeadersMiddleware(options, Request);
var context = new DefaultHttpContext();
// Act
await middleware.Invoke(context);
// Assert
Assert.True(context.Response.Headers.ContainsKey(SecurityHeaderNames.XContentTypeOptions));
Assert.Equal(ContentTypeOptionsValue.NoSniff, context.Response.Headers[SecurityHeaderNames.XContentTypeOptions]);
}