init project
This commit is contained in:
@@ -0,0 +1,20 @@
|
||||
import { buildContentSecurityPolicy, createNonce } from '@/lib/security/csp';
|
||||
import { describe, expect, it } from 'vitest';
|
||||
|
||||
describe('CSP foundation', () => {
|
||||
it('generates unpredictable nonce-shaped values', () => {
|
||||
const first = createNonce();
|
||||
const second = createNonce();
|
||||
expect(first).toMatch(/^[a-f0-9]{32}$/);
|
||||
expect(second).not.toBe(first);
|
||||
});
|
||||
|
||||
it('allows development evaluation only in development', () => {
|
||||
expect(buildContentSecurityPolicy('abc', true)).toContain("'unsafe-eval'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).not.toContain("'unsafe-eval'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).toContain("'nonce-abc'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).toContain("style-src 'self' 'nonce-abc'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).not.toContain("'unsafe-inline'");
|
||||
expect(buildContentSecurityPolicy('abc', false)).toContain("frame-ancestors 'none'");
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user