public async Task HpkpHeaderIsNotIncluded_WhenRequestHeadersAlreadyContainHpkpHeader()
{
RequestDelegate mockNext = (HttpContext ctx) =>
{
return(Task.CompletedTask);
};
var options = Options.Create(new HpkpOptions()
{
MaxAgeSeconds = 60,
Pins = new List <string> {
"a"
}
});
var sut = new HpkpMiddleware(mockNext, options);
var mockContext = new DefaultHttpContext();
mockContext.Response.Headers.Add("Public-Key-Pins", "abc; max-age=60");
await sut.Invoke(mockContext);
//Invoke throws System.ArgumentException if it tries to add the header again
}
public async Task HpkpHeaderIsNotIncluded_WhenRequestHeadersAlreadyContainHpkpReportOnlyHeader()
{
bool hpkpHeaderExists = true;
RequestDelegate mockNext = (HttpContext ctx) =>
{
hpkpHeaderExists = ctx.Response.Headers.ContainsKey("Public-Key-Pins");
return(Task.CompletedTask);
};
var options = Options.Create(new HpkpOptions()
{
MaxAgeSeconds = 60,
Pins = new List <string> {
"a"
}
});
var sut = new HpkpMiddleware(mockNext, options);
var mockContext = new DefaultHttpContext();
mockContext.Response.Headers.Add("Public-Key-Pins-Report-Only", "abc; max-age=60");
await sut.Invoke(mockContext);
Assert.False(hpkpHeaderExists);
}