
Commit 8be42e1

committed
put tests in same order
1 parent 06ca1de commit 8be42e1


1 file changed

+19
-45
lines changed

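--- a/packages/kit/src/runtime/server/page/csp.spec.js
+++ b/packages/kit/src/runtime/server/page/csp.spec.js
@@ -79,15 +79,25 @@ test('generates CSP header with nonce', () => {
 );
 });
 
-test('skips nonce in style-src when using unsafe-inline', () => {
+test('skips nonce with unsafe-inline', () => {
 const csp = new Csp(
 {
 mode: 'nonce',
 directives: {
-'style-src': ['self', 'unsafe-inline']
+'default-src': ['unsafe-inline'],
+'script-src': ['unsafe-inline'],
+'script-src-elem': ['unsafe-inline'],
+'style-src': ['unsafe-inline'],
+'style-src-attr': ['unsafe-inline'],
+'style-src-elem': ['unsafe-inline']
 },
 reportOnly: {
-'style-src': ['self', 'unsafe-inline'],
+'default-src': ['unsafe-inline'],
+'script-src': ['unsafe-inline'],
+'script-src-elem': ['unsafe-inline'],
+'style-src': ['unsafe-inline'],
+'style-src-attr': ['unsafe-inline'],
+'style-src-elem': ['unsafe-inline'],
 'report-uri': ['/']
 }
 },
@@ -96,12 +106,16 @@ test('skips nonce in style-src when using unsafe-inline', () => {
 }
 );
 
+csp.add_script('');
 csp.add_style('');
 
-assert.equal(csp.csp_provider.get_header(), "style-src 'self' 'unsafe-inline'");
+assert.equal(
+csp.csp_provider.get_header(),
+"default-src 'unsafe-inline'; script-src 'unsafe-inline'; script-src-elem 'unsafe-inline'; style-src 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline'"
+);
 assert.equal(
 csp.report_only_provider.get_header(),
-"style-src 'self' 'unsafe-inline'; report-uri /"
+"default-src 'unsafe-inline'; script-src 'unsafe-inline'; script-src-elem 'unsafe-inline'; style-src 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline'; report-uri /"
 );
 });
 
@@ -131,46 +145,6 @@ test('skips nonce in style-src when using unsafe-inline', () => {
 );
 });
 
-test('skips nonce with unsafe-inline', () => {
-const csp = new Csp(
-{
-mode: 'nonce',
-directives: {
-'default-src': ['unsafe-inline'],
-'script-src': ['unsafe-inline'],
-'script-src-elem': ['unsafe-inline'],
-'style-src': ['unsafe-inline'],
-'style-src-attr': ['unsafe-inline'],
-'style-src-elem': ['unsafe-inline']
-},
-reportOnly: {
-'default-src': ['unsafe-inline'],
-'script-src': ['unsafe-inline'],
-'script-src-elem': ['unsafe-inline'],
-'style-src': ['unsafe-inline'],
-'style-src-attr': ['unsafe-inline'],
-'style-src-elem': ['unsafe-inline'],
-'report-uri': ['/']
-}
-},
-{
-prerender: false
-}
-);
-
-csp.add_script('');
-csp.add_style('');
-
-assert.equal(
-csp.csp_provider.get_header(),
-"default-src 'unsafe-inline'; script-src 'unsafe-inline'; script-src-elem 'unsafe-inline'; style-src 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline'"
-);
-assert.equal(
-csp.report_only_provider.get_header(),
-"default-src 'unsafe-inline'; script-src 'unsafe-inline'; script-src-elem 'unsafe-inline'; style-src 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline'; report-uri /"
-);
-});
-
 test('skips hash with unsafe-inline', () => {
 const csp = new Csp(
 {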
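Review bot: The renamed test at new line 82 drops the only visible case where `'unsafe-inline'` shares a source list with another expression (`'style-src': ['self', 'unsafe-inline']`), so as far as these hunks show this is more than a reorder. That case matters because browsers ignore `'unsafe-inline'` once a nonce appears in the same directive, so a regression that appends a nonce to a mixed list would silently change what the policy allows. Unless a test outside the visible hunks still covers it, I would keep one mixed entry, for example `'style-src': ['self', 'unsafe-inline']` in `directives`, with the matching `style-src 'self' 'unsafe-inline'` segment in the expected header. A one-line comment above the test, `// a nonce would make browsers ignore 'unsafe-inline', so none is added`, would also record why the header is expected to be nonce-free.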
