X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/253f386f006eb0bcdf1151008b75213e96c4edf9..refs/pull/3008/head:/tests/SecurityHeaderTest.php

diff --git a/tests/SecurityHeaderTest.php b/tests/SecurityHeaderTest.php
index 57f4ab0df..10551fc55 100644
--- a/tests/SecurityHeaderTest.php
+++ b/tests/SecurityHeaderTest.php
@@ -105,12 +105,36 @@ class SecurityHeaderTest extends TestCase
         $this->assertNotEmpty($scriptHeader);
     }
 
+    public function test_object_src_csp_header_set()
+    {
+        $resp = $this->get('/');
+        $scriptHeader = $this->getCspHeader($resp, 'object-src');
+        $this->assertEquals('object-src \'self\'', $scriptHeader);
+    }
+
+    public function test_base_uri_csp_header_set()
+    {
+        $resp = $this->get('/');
+        $scriptHeader = $this->getCspHeader($resp, 'base-uri');
+        $this->assertEquals('base-uri \'self\'', $scriptHeader);
+    }
+
+    public function test_cache_control_headers_are_strict_on_responses_when_logged_in()
+    {
+        $this->asEditor();
+        $resp = $this->get('/');
+        $resp->assertHeader('Cache-Control', 'max-age=0, no-store, private');
+        $resp->assertHeader('Pragma', 'no-cache');
+        $resp->assertHeader('Expires', 'Sun, 12 Jul 2015 19:01:00 GMT');
+    }
+
     /**
      * Get the value of the first CSP header of the given type.
      */
     protected function getCspHeader(TestResponse $resp, string $type): string
     {
         $cspHeaders = collect($resp->headers->all('Content-Security-Policy'));
+
         return $cspHeaders->filter(function ($val) use ($type) {
             return strpos($val, $type) === 0;
         })->first() ?? '';