31 lines
996 B
Go
31 lines
996 B
Go
|
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
||
|
// SPDX-License-Identifier: Apache-2.0
|
||
|
|
||
|
package securityheader
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
"net/http/httptest"
|
||
|
"testing"
|
||
|
|
||
|
"github.com/stretchr/testify/require"
|
||
|
)
|
||
|
|
||
|
func TestWrap(t *testing.T) {
|
||
|
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||
|
_, _ = w.Write([]byte("hello world"))
|
||
|
})
|
||
|
rec := httptest.NewRecorder()
|
||
|
Wrap(handler).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
|
||
|
require.Equal(t, http.StatusOK, rec.Code)
|
||
|
require.Equal(t, "hello world", rec.Body.String())
|
||
|
require.EqualValues(t, http.Header{
|
||
|
"Content-Security-Policy": []string{"default-src 'none'; frame-ancestors 'none'"},
|
||
|
"Content-Type": []string{"text/plain; charset=utf-8"},
|
||
|
"Referrer-Policy": []string{"no-referrer"},
|
||
|
"X-Content-Type-Options": []string{"nosniff"},
|
||
|
"X-Frame-Options": []string{"DENY"},
|
||
|
"X-Xss-Protection": []string{"1; mode=block"},
|
||
|
}, rec.Header())
|
||
|
}
|