X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/492af79c27f089e28c76007f93fef4995eda9d94..refs/pull/3068/head:/tests/SecurityHeaderTest.php

diff --git a/tests/SecurityHeaderTest.php b/tests/SecurityHeaderTest.php
index fe25ef3f0..78691badb 100644
--- a/tests/SecurityHeaderTest.php
+++ b/tests/SecurityHeaderTest.php
@@ -76,7 +76,7 @@ class SecurityHeaderTest extends TestCase
 
         $nonce = app()->make(CspService::class)->getNonce();
         $this->assertStringContainsString('nonce-' . $nonce, $scriptHeader);
-        $resp->assertSee('<script nonce="' . $nonce . '">console.log("cat");</script>');
+        $resp->assertSee('<script nonce="' . $nonce . '">console.log("cat");</script>', false);
     }
 
     public function test_script_csp_nonce_changes_per_request()
@@ -119,12 +119,22 @@ class SecurityHeaderTest extends TestCase
         $this->assertEquals('base-uri \'self\'', $scriptHeader);
     }
 
+    public function test_cache_control_headers_are_strict_on_responses_when_logged_in()
+    {
+        $this->asEditor();
+        $resp = $this->get('/');
+        $resp->assertHeader('Cache-Control', 'max-age=0, no-store, private');
+        $resp->assertHeader('Pragma', 'no-cache');
+        $resp->assertHeader('Expires', 'Sun, 12 Jul 2015 19:01:00 GMT');
+    }
+
     /**
      * Get the value of the first CSP header of the given type.
      */
     protected function getCspHeader(TestResponse $resp, string $type): string
     {
         $cspHeaders = collect($resp->headers->all('Content-Security-Policy'));
+
         return $cspHeaders->filter(function ($val) use ($type) {
             return strpos($val, $type) === 0;
         })->first() ?? '';