Nuxt/test/unit/basic.ssr.csp.test.js

import { loadFixture, getPort, Nuxt, rp } from '../utils'

let port
const url = route => 'http://localhost:' + port + route

const startCSPTestServer = async (csp) => {
  const options = loadFixture('basic', { render: { csp } })
  const nuxt = new Nuxt(options)
  port = await getPort()
  await nuxt.listen(port, '0.0.0.0')
  return nuxt
}

describe('basic ssr csp', () => {
  test(
    'Not contain Content-Security-Policy header, when csp.enabled is not set',
    async () => {
      const nuxt = await startCSPTestServer({})
      const { headers } = await rp(url('/stateless'), {
        resolveWithFullResponse: true
      })

      expect(headers['content-security-policy']).toBe(undefined)

      await nuxt.close()
    }
  )

  test(
    'Contain Content-Security-Policy header, when csp.enabled is only set',
    async () => {
      const cspOption = {
        enabled: true
      }

      const nuxt = await startCSPTestServer(cspOption)
      const { headers } = await rp(url('/stateless'), {
        resolveWithFullResponse: true
      })

      expect(headers['content-security-policy']).toMatch(/^script-src 'self' 'sha256-.*'$/)

      await nuxt.close()
    }
  )

  test(
    'Contain Content-Security-Policy header, when csp.allowedSources set',
    async () => {
      const cspOption = {
        enabled: true,
        allowedSources: ['https://example.com', 'https://example.io']
      }

      const nuxt = await startCSPTestServer(cspOption)
      const { headers } = await rp(url('/stateless'), {
        resolveWithFullResponse: true
      })

      expect(headers['content-security-policy']).toMatch(/^script-src 'self' 'sha256-.*'/)
      expect(headers['content-security-policy'].includes('https://example.com')).toBe(true)
      expect(headers['content-security-policy'].includes('https://example.io')).toBe(true)

      await nuxt.close()
    }
  )

  test(
    'Contain Content-Security-Policy header, when csp.policies set',
    async () => {
      const cspOption = {
        enabled: true,
        policies: {
          'default-src': [`'none'`],
          'script-src': ['https://example.com', 'https://example.io']
        }
      }

      const nuxt = await startCSPTestServer(cspOption)
      const { headers } = await rp(url('/stateless'), {
        resolveWithFullResponse: true
      })

      expect(headers['content-security-policy']).toMatch(/default-src 'none'/)
      expect(headers['content-security-policy']).toMatch(/script-src 'self' 'sha256-.*'/)
      expect(headers['content-security-policy'].includes('https://example.com')).toBe(true)
      expect(headers['content-security-policy'].includes('https://example.io')).toBe(true)

      await nuxt.close()
    }
  )

  test(
    'Contain Content-Security-Policy header, when csp.policies.script-src is not set',
    async () => {
      const cspOption = {
        enabled: true,
        policies: {
          'default-src': [`'none'`]
        }
      }

      const nuxt = await startCSPTestServer(cspOption)
      const { headers } = await rp(url('/stateless'), {
        resolveWithFullResponse: true
      })

      expect(headers['content-security-policy']).toMatch(/default-src 'none'/)
      expect(headers['content-security-policy']).toMatch(/script-src 'self' 'sha256-.*'/)

      await nuxt.close()
    }
  )
})
misc: improve coverage and packaging (#3121) nuxt-start and nuxt/legacy are also coming! 2018-03-27 22:28:17 +00:00			`import { loadFixture, getPort, Nuxt, rp } from '../utils'`
eslint: fix import/order 2018-03-16 19:52:17 +00:00
working tests 2018-03-18 23:41:14 +00:00			`let port`
add more test 2018-02-01 13:31:02 +00:00			`const url = route => 'http://localhost:' + port + route`

basic migration to jest 2018-03-18 19:31:32 +00:00			`const startCSPTestServer = async (csp) => {`
working tests 2018-03-18 23:41:14 +00:00			`const options = loadFixture('basic', { render: { csp } })`
			`const nuxt = new Nuxt(options)`
			`port = await getPort()`
basic migration to jest 2018-03-18 19:31:32 +00:00			`await nuxt.listen(port, '0.0.0.0')`
add more test 2018-02-01 13:31:02 +00:00			`return nuxt`
			`}`

basic migration to jest 2018-03-18 19:31:32 +00:00			`describe('basic ssr csp', () => {`
			`test(`
			`'Not contain Content-Security-Policy header, when csp.enabled is not set',`
			`async () => {`
			`const nuxt = await startCSPTestServer({})`
			`const { headers } = await rp(url('/stateless'), {`
			`resolveWithFullResponse: true`
			`})`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`expect(headers['content-security-policy']).toBe(undefined)`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`await nuxt.close()`
			`}`
			`)`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`test(`
			`'Contain Content-Security-Policy header, when csp.enabled is only set',`
			`async () => {`
			`const cspOption = {`
			`enabled: true`
			`}`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`const nuxt = await startCSPTestServer(cspOption)`
			`const { headers } = await rp(url('/stateless'), {`
			`resolveWithFullResponse: true`
			`})`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`expect(headers['content-security-policy']).toMatch(/^script-src 'self' 'sha256-.*'$/)`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`await nuxt.close()`
			`}`
			`)`

			`test(`
			`'Contain Content-Security-Policy header, when csp.allowedSources set',`
			`async () => {`
			`const cspOption = {`
			`enabled: true,`
			`allowedSources: ['https://example.com', 'https://example.io']`
			`}`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`const nuxt = await startCSPTestServer(cspOption)`
			`const { headers } = await rp(url('/stateless'), {`
			`resolveWithFullResponse: true`
			`})`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`expect(headers['content-security-policy']).toMatch(/^script-src 'self' 'sha256-.*'/)`
			`expect(headers['content-security-policy'].includes('https://example.com')).toBe(true)`
			`expect(headers['content-security-policy'].includes('https://example.io')).toBe(true)`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`await nuxt.close()`
add more test 2018-02-01 13:31:02 +00:00			`}`
basic migration to jest 2018-03-18 19:31:32 +00:00			`)`

			`test(`
			`'Contain Content-Security-Policy header, when csp.policies set',`
			`async () => {`
			`const cspOption = {`
			`enabled: true,`
			`policies: {`
			'default-src': [`'none'`],
			`'script-src': ['https://example.com', 'https://example.io']`
			`}`
			`}`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`const nuxt = await startCSPTestServer(cspOption)`
			`const { headers } = await rp(url('/stateless'), {`
			`resolveWithFullResponse: true`
			`})`
add more test 2018-02-01 13:31:02 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`expect(headers['content-security-policy']).toMatch(/default-src 'none'/)`
			`expect(headers['content-security-policy']).toMatch(/script-src 'self' 'sha256-.*'/)`
			`expect(headers['content-security-policy'].includes('https://example.com')).toBe(true)`
			`expect(headers['content-security-policy'].includes('https://example.io')).toBe(true)`
add test case 2018-02-02 02:51:16 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`await nuxt.close()`
add test case 2018-02-02 02:51:16 +00:00			`}`
basic migration to jest 2018-03-18 19:31:32 +00:00			`)`

			`test(`
			`'Contain Content-Security-Policy header, when csp.policies.script-src is not set',`
			`async () => {`
			`const cspOption = {`
			`enabled: true,`
			`policies: {`
			'default-src': [`'none'`]
			`}`
			`}`
add test case 2018-02-02 02:51:16 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`const nuxt = await startCSPTestServer(cspOption)`
			`const { headers } = await rp(url('/stateless'), {`
			`resolveWithFullResponse: true`
			`})`
add test case 2018-02-02 02:51:16 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`expect(headers['content-security-policy']).toMatch(/default-src 'none'/)`
			`expect(headers['content-security-policy']).toMatch(/script-src 'self' 'sha256-.*'/)`
add test case 2018-02-02 02:51:16 +00:00
basic migration to jest 2018-03-18 19:31:32 +00:00			`await nuxt.close()`
			`}`
			`)`
add test case 2018-02-02 02:51:16 +00:00			`})`