Reduce RSpec/ExampleLength in CSP request spec
mjankowski committed Feb 5, 2024
1 parent 1666b19 commit 89f32af
Showing 1 changed file with 26 additions and 18 deletions.
44 changes: 26 additions & 18 deletions spec/requests/content_security_policy_spec.rb
Expand Up @@ -3,25 +3,33 @@
require 'rails_helper'

describe 'Content-Security-Policy' do
it 'sets the expected CSP headers' do
allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==')
before { allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==') }

it 'sets the expected CSP headers' do
get '/'
expect(response.headers['Content-Security-Policy'].split(';').map(&:strip)).to contain_exactly(
"base-uri 'none'",
"default-src 'none'",
"frame-ancestors 'none'",
"font-src 'self' https://cb6e6126.ngrok.io",
"img-src 'self' data: blob: https://cb6e6126.ngrok.io",
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
"media-src 'self' data: https://cb6e6126.ngrok.io",
"frame-src 'self' https:",
"manifest-src 'self' https://cb6e6126.ngrok.io",
"form-action 'self'",
"child-src 'self' blob: https://cb6e6126.ngrok.io",
"worker-src 'self' blob: https://cb6e6126.ngrok.io",
"connect-src 'self' data: blob: https://cb6e6126.ngrok.io ws://cb6e6126.ngrok.io:4000",
"script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
)

expect(response.headers)
.to include(
'Content-Security-Policy' => eq(expected_content_security_policy)
)
end

def expected_content_security_policy
<<~CSP.squish
base-uri 'none';
default-src 'none';
frame-ancestors 'none';
font-src 'self' https://cb6e6126.ngrok.io;
img-src 'self' data: blob: https://cb6e6126.ngrok.io;
style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ==';
media-src 'self' data: https://cb6e6126.ngrok.io;
frame-src 'self' https:;
manifest-src 'self' https://cb6e6126.ngrok.io;
form-action 'self';
child-src 'self' blob: https://cb6e6126.ngrok.io;
worker-src 'self' blob: https://cb6e6126.ngrok.io;
connect-src 'self' data: blob: https://cb6e6126.ngrok.io ws://cb6e6126.ngrok.io:4000;
script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'
CSP
end
end
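Review bot: The new `eq(expected_content_security_policy)` assertion in the `it` block pins the whole header string, so the spec now fails on any reordering of directives or change in separator whitespace, which the previous `contain_exactly` over the split directives tolerated. Directive order carries no meaning in a policy where each directive appears once, so the stricter match adds brittleness without extra security coverage. If order is not meant to be part of the contract, keep the helper but compare directive lists, e.g. `expect(response.headers['Content-Security-Policy'].split(';').map(&:strip)).to match_array(expected_content_security_policy.split(';').map(&:strip))`; otherwise add a one-line comment above the helper stating that the order is asserted deliberately. Because `SecureRandom.base64` is stubbed in `before`, the spec also only shows that the nonce is interpolated into `style-src`, not that it differs between requests, which presumably needs its own example.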
