mirror of
https://github.com/nuxt/nuxt.git
synced 2024-11-11 08:33:53 +00:00
add more test
This commit is contained in:
parent
4968d4cc8a
commit
4982355885
103
test/basic.ssr.csp.test.js
Normal file
103
test/basic.ssr.csp.test.js
Normal file
@ -0,0 +1,103 @@
|
||||
import test from 'ava'
|
||||
import { resolve } from 'path'
|
||||
import rp from 'request-promise-native'
|
||||
import { Nuxt, Builder } from '..'
|
||||
import { interceptLog } from './helpers/console'
|
||||
|
||||
const port = 4005
|
||||
const url = route => 'http://localhost:' + port + route
|
||||
|
||||
// Init nuxt.js and create server listening on localhost:4005
|
||||
const startCSPTestServer = async (t, csp) => {
|
||||
const options = {
|
||||
rootDir: resolve(__dirname, 'fixtures/basic'),
|
||||
buildDir: '.nuxt-ssr',
|
||||
dev: false,
|
||||
head: {
|
||||
titleTemplate(titleChunk) {
|
||||
return titleChunk ? `${titleChunk} - Nuxt.js` : 'Nuxt.js'
|
||||
}
|
||||
},
|
||||
build: { stats: false },
|
||||
render: { csp }
|
||||
}
|
||||
|
||||
let nuxt = null
|
||||
const logSpy = await interceptLog(async () => {
|
||||
nuxt = new Nuxt(options)
|
||||
const builder = await new Builder(nuxt)
|
||||
await builder.build()
|
||||
await nuxt.listen(port, '0.0.0.0')
|
||||
})
|
||||
|
||||
t.true(logSpy.calledWithMatch('DONE'))
|
||||
t.true(logSpy.calledWithMatch('OPEN'))
|
||||
|
||||
return nuxt
|
||||
}
|
||||
|
||||
test.serial('Not contain Content-Security-Policy header, when csp.enabled is not set', async t => {
|
||||
const nuxt = await startCSPTestServer(t, {})
|
||||
const { headers } = await rp(url('/stateless'), {
|
||||
resolveWithFullResponse: true
|
||||
})
|
||||
|
||||
t.is(headers['content-security-policy'], undefined)
|
||||
|
||||
await nuxt.close()
|
||||
})
|
||||
|
||||
test.serial('Contain Content-Security-Policy header, when csp.enabled is only set', async t => {
|
||||
const cspOption = {
|
||||
enabled: true
|
||||
}
|
||||
|
||||
const nuxt = await startCSPTestServer(t, cspOption)
|
||||
const { headers } = await rp(url('/stateless'), {
|
||||
resolveWithFullResponse: true
|
||||
})
|
||||
|
||||
t.regex(headers['content-security-policy'], /^script-src 'self' 'sha256-.*'$/)
|
||||
|
||||
await nuxt.close()
|
||||
})
|
||||
|
||||
test.serial('Contain Content-Security-Policy header, when csp.allowedSources set', async t => {
|
||||
const cspOption = {
|
||||
enabled: true,
|
||||
allowedSources: ['https://example.com', 'https://example.io']
|
||||
}
|
||||
|
||||
const nuxt = await startCSPTestServer(t, cspOption)
|
||||
const { headers } = await rp(url('/stateless'), {
|
||||
resolveWithFullResponse: true
|
||||
})
|
||||
|
||||
t.regex(headers['content-security-policy'], /^script-src 'self' 'sha256-.*'/)
|
||||
t.true(headers['content-security-policy'].includes('https://example.com'))
|
||||
t.true(headers['content-security-policy'].includes('https://example.io'))
|
||||
|
||||
await nuxt.close()
|
||||
})
|
||||
|
||||
test.serial('Contain Content-Security-Policy header, when csp.policies set', async t => {
|
||||
const cspOption = {
|
||||
enabled: true,
|
||||
policies: {
|
||||
'default-src': [`'none'`],
|
||||
'script-src': ['https://example.com', 'https://example.io']
|
||||
}
|
||||
}
|
||||
|
||||
const nuxt = await startCSPTestServer(t, cspOption)
|
||||
const { headers } = await rp(url('/stateless'), {
|
||||
resolveWithFullResponse: true
|
||||
})
|
||||
|
||||
t.regex(headers['content-security-policy'], /default-src 'none'/)
|
||||
t.regex(headers['content-security-policy'], /script-src 'self' 'sha256-.*'/)
|
||||
t.true(headers['content-security-policy'].includes('https://example.com'))
|
||||
t.true(headers['content-security-policy'].includes('https://example.io'))
|
||||
|
||||
await nuxt.close()
|
||||
})
|
@ -22,15 +22,6 @@ test.serial('Init Nuxt.js', async t => {
|
||||
},
|
||||
build: {
|
||||
stats: false
|
||||
},
|
||||
render: {
|
||||
csp: {
|
||||
enabled: true,
|
||||
policies: {
|
||||
'default-src': [`'none'`],
|
||||
'script-src': ['https://example.com', 'https://example.io']
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -256,17 +247,6 @@ test('ETag Header', async t => {
|
||||
t.is(error.statusCode, 304)
|
||||
})
|
||||
|
||||
test('Content-Security-Policy Header', async t => {
|
||||
const { headers } = await rp(url('/stateless'), {
|
||||
resolveWithFullResponse: true
|
||||
})
|
||||
// Verify functionality
|
||||
t.regex(headers['content-security-policy'], /default-src 'none'/)
|
||||
t.regex(headers['content-security-policy'], /script-src 'self' 'sha256-.*'/)
|
||||
t.true(headers['content-security-policy'].includes('https://example.com'))
|
||||
t.true(headers['content-security-policy'].includes('https://example.io'))
|
||||
})
|
||||
|
||||
test('/_nuxt/server-bundle.json should return 404', async t => {
|
||||
const err = await t.throws(
|
||||
rp(url('/_nuxt/server-bundle.json'), { resolveWithFullResponse: true })
|
||||
|
Loading…
Reference in New Issue
Block a user