2020-10-06 22:27:36 +00:00
|
|
|
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
package securityheader
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestWrap(t *testing.T) {
|
|
|
|
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
_, _ = w.Write([]byte("hello world"))
|
|
|
|
})
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
Wrap(handler).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
|
|
|
|
require.Equal(t, http.StatusOK, rec.Code)
|
|
|
|
require.Equal(t, "hello world", rec.Body.String())
|
|
|
|
require.EqualValues(t, http.Header{
|
|
|
|
"Content-Security-Policy": []string{"default-src 'none'; frame-ancestors 'none'"},
|
|
|
|
"Content-Type": []string{"text/plain; charset=utf-8"},
|
|
|
|
"Referrer-Policy": []string{"no-referrer"},
|
|
|
|
"X-Content-Type-Options": []string{"nosniff"},
|
|
|
|
"X-Frame-Options": []string{"DENY"},
|
|
|
|
"X-Xss-Protection": []string{"1; mode=block"},
|
2020-12-14 23:28:32 +00:00
|
|
|
"X-Dns-Prefetch-Control": []string{"off"},
|
|
|
|
"Cache-Control": []string{"no-cache", "no-store", "max-age=0", "must-revalidate"},
|
|
|
|
"Pragma": []string{"no-cache"},
|
|
|
|
"Expires": []string{"0"},
|
2020-10-06 22:27:36 +00:00
|
|
|
}, rec.Header())
|
|
|
|
}
|