
added security header test back

1 parent 4bda742 commit c3d8d512ea05566b8e201f6ab33d525922889289 @bhuvak bhuvak committed Jun 16, 2014
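--- a/tests/NuGetGallery.FunctionalTests/NuGetGallery.FunctionalTests.csproj
+++ b/tests/NuGetGallery.FunctionalTests/NuGetGallery.FunctionalTests.csproj
@@ -83,6 +83,7 @@
 <Compile Include="ODataTests\BasicPages\LinksTests.cs" />
 <Compile Include="ODataTests\LoadTests\LoadTests.cs" />
 <Compile Include="ODataTests\Statistics\PackageStatsTests.cs" />
+ <Compile Include="WebUITests\BasicPages\SecurityHeaderTest.cs" />
 <Compile Include="WebUITests\ReadOnlyMode\AccountManagementInReadOnlyModeTest.cs" />
 <Compile Include="WebUITests\ReadOnlyMode\UploadPackageFromInUIInReadOnlyMode.cs" />
 <Compile Include="WebUITests\AccountManagement\RegisterNewUserTest.cs" />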
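--- a/tests/NuGetGallery.FunctionalTests/WebUITests/BasicPages/SecurityHeaderTest.cs
+++ b/tests/NuGetGallery.FunctionalTests/WebUITests/BasicPages/SecurityHeaderTest.cs
@@ -0,0 +1,48 @@
+using Microsoft.VisualStudio.TestTools.WebTesting;
+using NuGetGallery.FunctionalTests.Helpers;
+using NuGetGallery.FunctionTests.Helpers;
+using System;
+using System.Collections.Generic;
+
+namespace NuGetGallery.FunctionalTests
+{
+ /// <summary>
+ /// Verify that an expected series of security headers is returned as part of the response.
+ /// </summary>
+ public class SecurityHeaderTest : WebTest
+ {
+ public SecurityHeaderTest()
+ {
+ this.PreAuthenticate = true;
+ }
+
+ public override IEnumerator<WebTestRequest> GetRequestEnumerator()
+ {
+ //send a request to home page and check for security headers.
+ WebTestRequest homePageRequest = new WebTestRequest(UrlHelper.BaseUrl);
+ homePageRequest.ParseDependentRequests = false;
+ ValidationRuleFindHeaderText homePageTextValidationRule = new ValidationRuleFindHeaderText(
+ @"X-Frame-Options: deny
+ X-XSS-Protection: 1; mode=block
+ X-Content-Type-Options: nosniff
+ Strict-Transport-Security: maxage=31536000; includeSubDomains");
+ homePageRequest.ValidateResponse += new EventHandler<ValidationEventArgs>(homePageTextValidationRule.Validate);
+ yield return homePageRequest;
+ homePageRequest = null;
+
+ //send a request to Packages page and check for security headers.
+ WebTestRequest packagesPageRequest = new WebTestRequest(UrlHelper.PackagesPageUrl);
+ packagesPageRequest.ParseDependentRequests = false;
+ ValidationRuleFindHeaderText packagesPageTextValidationRule = new ValidationRuleFindHeaderText(
+ @"X-Frame-Options: deny
+X-XSS-Protection: 1; mode=block
+X-Content-Type-Options: nosniff
+Strict-Transport-Security: maxage=31536000; includeSubDomains");
+ packagesPageRequest.ValidateResponse += new EventHandler<ValidationEventArgs>(packagesPageTextValidationRule.Validate);
+ yield return packagesPageRequest;
+ packagesPageRequest = null;
+
+
+ }
+ }
+}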
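Review bot: Both expected header strings in `GetRequestEnumerator` assert `Strict-Transport-Security: maxage=31536000; includeSubDomains`, but the directive defined by RFC 6797 is `max-age`. A response carrying `maxage` has no valid `max-age` directive, so user agents are expected to ignore it, and this test would then pass only against a site that is not actually enforcing HSTS. If the gallery emits the correct header, the expectation should read `Strict-Transport-Security: max-age=31536000; includeSubDomains`; if it really emits `maxage`, the server configuration needs the fix and the test should follow it. Separately, the continuation lines of the home-page verbatim literal appear to carry leading whitespace while those of the packages-page literal start at column 0, so the two rules search for different text. How `ValidationRuleFindHeaderText` matches is not visible here, but one rule per header would remove the dependence on header order, indentation and line endings.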

0 comments on commit c3d8d51
