Fixed lack of oidc discovery filtering during testing
[bookstack] / tests / SecurityHeaderTest.php
index 57f4ab0df3fd7dc33f8031415b0181b3519d99f4..2bde890ad58139ef0bc4d33416e3d4cfe68fa462 100644 (file)
@@ -105,12 +105,27 @@ class SecurityHeaderTest extends TestCase
         $this->assertNotEmpty($scriptHeader);
     }
 
+    public function test_object_src_csp_header_set()
+    {
+        $resp = $this->get('/');
+        $scriptHeader = $this->getCspHeader($resp, 'object-src');
+        $this->assertEquals('object-src \'self\'', $scriptHeader);
+    }
+
+    public function test_base_uri_csp_header_set()
+    {
+        $resp = $this->get('/');
+        $scriptHeader = $this->getCspHeader($resp, 'base-uri');
+        $this->assertEquals('base-uri \'self\'', $scriptHeader);
+    }
+
     /**
      * Get the value of the first CSP header of the given type.
      */
     protected function getCspHeader(TestResponse $resp, string $type): string
     {
         $cspHeaders = collect($resp->headers->all('Content-Security-Policy'));
+
         return $cspHeaders->filter(function ($val) use ($type) {
             return strpos($val, $type) === 0;
         })->first() ?? '';
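Review bot: Both added tests store the fetched value in `$scriptHeader`, a name carried over from the script-src test above, although they hold the object-src and base-uri policies; `$objectSrcHeader` and `$baseUriHeader` would say what is being asserted. The exact-match assertions are a useful regression guard, and a one-line comment in each test such as `// exact value pinned so a loosened policy fails the suite` would record why the literal matters. Separately, `getCspHeader` matches by prefix with `strpos($val, $type) === 0`, so a type that is a prefix of another directive name (for example `script-src` and `script-src-elem`) could return the wrong header; `strpos($val, $type . ' ') === 0` would tighten it. The helper's closing brace lies outside the hunk.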