X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/193d7fb3fe71a76a43ebc1ccdb617b4b627d1e09..refs/pull/3012/head:/tests/SecurityHeaderTest.php

diff --git a/tests/SecurityHeaderTest.php b/tests/SecurityHeaderTest.php
index 2bde890ad..78691badb 100644
--- a/tests/SecurityHeaderTest.php
+++ b/tests/SecurityHeaderTest.php
@@ -76,7 +76,7 @@ class SecurityHeaderTest extends TestCase
 
         $nonce = app()->make(CspService::class)->getNonce();
         $this->assertStringContainsString('nonce-' . $nonce, $scriptHeader);
-        $resp->assertSee('<script nonce="' . $nonce . '">console.log("cat");</script>');
+        $resp->assertSee('<script nonce="' . $nonce . '">console.log("cat");</script>', false);
     }
 
     public function test_script_csp_nonce_changes_per_request()
@@ -119,6 +119,15 @@ class SecurityHeaderTest extends TestCase
         $this->assertEquals('base-uri \'self\'', $scriptHeader);
     }
 
+    public function test_cache_control_headers_are_strict_on_responses_when_logged_in()
+    {
+        $this->asEditor();
+        $resp = $this->get('/');
+        $resp->assertHeader('Cache-Control', 'max-age=0, no-store, private');
+        $resp->assertHeader('Pragma', 'no-cache');
+        $resp->assertHeader('Expires', 'Sun, 12 Jul 2015 19:01:00 GMT');
+    }
+
     /**
      * Get the value of the first CSP header of the given type.
      */