Added a couple of additional CSP rules
[bookstack] / tests / SecurityHeaderTest.php
index 57f4ab0df3fd7dc33f8031415b0181b3519d99f4..fe25ef3f00b6a95de8021c7f99b53a82495a910b 100644 (file)
@@ -105,6 +105,20 @@ class SecurityHeaderTest extends TestCase
         $this->assertNotEmpty($scriptHeader);
     }
 
+    public function test_object_src_csp_header_set()
+    {
+        $resp = $this->get('/');
+        $scriptHeader = $this->getCspHeader($resp, 'object-src');
+        $this->assertEquals('object-src \'self\'', $scriptHeader);
+    }
+
+    public function test_base_uri_csp_header_set()
+    {
+        $resp = $this->get('/');
+        $scriptHeader = $this->getCspHeader($resp, 'base-uri');
+        $this->assertEquals('base-uri \'self\'', $scriptHeader);
+    }
+
     /**
      * Get the value of the first CSP header of the given type.
      */
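Review bot: Both new tests store the result in `$scriptHeader`, a name carried over from the script-src test above, although it now holds the object-src and base-uri directives; `$objectSrcHeader` and `$baseUriHeader` would read correctly. The assertions pin each directive to exactly `'self'`, so each test would benefit from a one-line comment saying why that value is expected, for example `// object-src is 'self' rather than 'none' because same-origin embeds are needed`. That reason is not visible in this hunk, so confirm it before writing it down. Both tests request only `/`, so they presumably rely on the header being set globally for every response, which the hunk does not show. The getCspHeader docblock at the end of the hunk continues outside it.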