add more test

2024-11-23 14:15:13 +00:00 · 2018-02-01 22:31:02 +09:00 · 2018-02-01 22:31:02 +09:00 · 4982355885
commit 4982355885
parent 4968d4cc8a
2 changed files with 103 additions and 20 deletions
--- a/test/basic.ssr.csp.test.js
+++ b/test/basic.ssr.csp.test.js
@ -0,0 +1,103 @@
+import test from 'ava'
+import { resolve } from 'path'
+import rp from 'request-promise-native'
+import { Nuxt, Builder } from '..'
+import { interceptLog } from './helpers/console'
+
+const port = 4005
+const url = route => 'http://localhost:' + port + route
+
+// Init nuxt.js and create server listening on localhost:4005
+const startCSPTestServer = async (t, csp) => {
+  const options = {
+    rootDir: resolve(__dirname, 'fixtures/basic'),
+    buildDir: '.nuxt-ssr',
+    dev: false,
+    head: {
+      titleTemplate(titleChunk) {
+        return titleChunk ? `${titleChunk} - Nuxt.js` : 'Nuxt.js'
+      }
+    },
+    build: { stats: false },
+    render: { csp }
+  }
+
+  let nuxt = null
+  const logSpy = await interceptLog(async () => {
+    nuxt = new Nuxt(options)
+    const builder = await new Builder(nuxt)
+    await builder.build()
+    await nuxt.listen(port, '0.0.0.0')
+  })
+
+  t.true(logSpy.calledWithMatch('DONE'))
+  t.true(logSpy.calledWithMatch('OPEN'))
+
+  return nuxt
+}
+
+test.serial('Not contain Content-Security-Policy header, when csp.enabled is not set', async t => {
+  const nuxt = await startCSPTestServer(t, {})
+  const { headers } = await rp(url('/stateless'), {
+    resolveWithFullResponse: true
+  })
+
+  t.is(headers['content-security-policy'], undefined)
+
+  await nuxt.close()
+})
+
+test.serial('Contain Content-Security-Policy header, when csp.enabled is only set', async t => {
+  const cspOption = {
+    enabled: true
+  }
+
+  const nuxt = await startCSPTestServer(t, cspOption)
+  const { headers } = await rp(url('/stateless'), {
+    resolveWithFullResponse: true
+  })
+
+  t.regex(headers['content-security-policy'], /^script-src 'self' 'sha256-.*'$/)
+
+  await nuxt.close()
+})
+
+test.serial('Contain Content-Security-Policy header, when csp.allowedSources set', async t => {
+  const cspOption = {
+    enabled: true,
+    allowedSources: ['https://example.com', 'https://example.io']
+  }
+
+  const nuxt = await startCSPTestServer(t, cspOption)
+  const { headers } = await rp(url('/stateless'), {
+    resolveWithFullResponse: true
+  })
+
+  t.regex(headers['content-security-policy'], /^script-src 'self' 'sha256-.*'/)
+  t.true(headers['content-security-policy'].includes('https://example.com'))
+  t.true(headers['content-security-policy'].includes('https://example.io'))
+
+  await nuxt.close()
+})
+
+test.serial('Contain Content-Security-Policy header, when csp.policies set', async t => {
+  const cspOption = {
+    enabled: true,
+    policies: {
+      'default-src': [`'none'`],
+      'script-src': ['https://example.com', 'https://example.io']
+    }
+  }
+
+  const nuxt = await startCSPTestServer(t, cspOption)
+  const { headers } = await rp(url('/stateless'), {
+    resolveWithFullResponse: true
+  })
+
+  t.regex(headers['content-security-policy'], /default-src 'none'/)
+  t.regex(headers['content-security-policy'], /script-src 'self' 'sha256-.*'/)
+  t.true(headers['content-security-policy'].includes('https://example.com'))
+  t.true(headers['content-security-policy'].includes('https://example.io'))
+
+  await nuxt.close()
+})
--- a/test/basic.ssr.test.js
+++ b/test/basic.ssr.test.js
@ -22,15 +22,6 @@ test.serial('Init Nuxt.js', async t => {
    },
    build: {
      stats: false
-    },
-    render: {
-      csp: {
-        enabled: true,
-        policies: {
-          'default-src': [`'none'`],
-          'script-src': ['https://example.com', 'https://example.io']
-        }
-      }
    }
  }

@ -256,17 +247,6 @@ test('ETag Header', async t => {
  t.is(error.statusCode, 304)
 })

-test('Content-Security-Policy Header', async t => {
-  const { headers } = await rp(url('/stateless'), {
-    resolveWithFullResponse: true
-  })
-  // Verify functionality
-  t.regex(headers['content-security-policy'], /default-src 'none'/)
-  t.regex(headers['content-security-policy'], /script-src 'self' 'sha256-.*'/)
-  t.true(headers['content-security-policy'].includes('https://example.com'))
-  t.true(headers['content-security-policy'].includes('https://example.io'))
-})
-
 test('/_nuxt/server-bundle.json should return 404', async t => {
  const err = await t.throws(
    rp(url('/_nuxt/server-bundle.json'), { resolveWithFullResponse: true })