56c3bcf666
Build & Deploy / Build & Push Docker Image (push) Successful in 2m50s
Test / Type Check (all packages) (push) Successful in 52s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 54s
Test / Homepage Unit Tests (push) Successful in 44s
Test / Storefront Unit Tests (push) Successful in 41s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m0s
24 lines
1.1 KiB
TypeScript
24 lines
1.1 KiB
TypeScript
import { buildContentSecurityPolicy, createNonce } from '@/lib/security/csp';
|
|
import { describe, expect, it } from 'vitest';
|
|
|
|
describe('CSP foundation', () => {
|
|
it('generates unpredictable nonce-shaped values', () => {
|
|
const first = createNonce();
|
|
const second = createNonce();
|
|
expect(first).toMatch(/^[a-f0-9]{32}$/);
|
|
expect(second).not.toBe(first);
|
|
});
|
|
|
|
it('allows required runtime evaluation without enabling development-only sources', () => {
|
|
expect(buildContentSecurityPolicy('abc', true)).toContain("'unsafe-eval'");
|
|
expect(buildContentSecurityPolicy('abc', false)).toContain("'unsafe-eval'");
|
|
expect(buildContentSecurityPolicy('abc', false)).toContain("'unsafe-inline'");
|
|
expect(buildContentSecurityPolicy('abc', false)).not.toContain("'strict-dynamic'");
|
|
expect(buildContentSecurityPolicy('abc', false)).not.toContain("'nonce-abc'");
|
|
expect(buildContentSecurityPolicy('abc', false)).toContain(
|
|
"style-src 'self' 'unsafe-inline'",
|
|
);
|
|
expect(buildContentSecurityPolicy('abc', false)).toContain("frame-ancestors 'none'");
|
|
});
|
|
});
|