Files
carmanagement/apps/homepage/tests/unit/csp.test.ts
T
root 0ddf67c754
Build & Deploy / Build & Push Docker Image (push) Successful in 3m3s
Test / Type Check (all packages) (push) Successful in 57s
Build & Deploy / Deploy to VPS (push) Successful in 4s
Test / API Unit Tests (push) Successful in 50s
Test / Homepage Unit Tests (push) Successful in 45s
Test / Storefront Unit Tests (push) Successful in 43s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m3s
Fix the remaining CSP errors. The repeated hash was from Next’s generated <Image> markup: style="color:transparent".
2026-07-01 23:52:09 -04:00

23 lines
1.0 KiB
TypeScript

import { buildContentSecurityPolicy, createNonce } from '@/lib/security/csp';
import { describe, expect, it } from 'vitest';
describe('CSP foundation', () => {
it('generates unpredictable nonce-shaped values', () => {
const first = createNonce();
const second = createNonce();
expect(first).toMatch(/^[a-f0-9]{32}$/);
expect(second).not.toBe(first);
});
it('allows development evaluation only in development', () => {
expect(buildContentSecurityPolicy('abc', true)).toContain("'unsafe-eval'");
expect(buildContentSecurityPolicy('abc', false)).not.toContain("'unsafe-eval'");
expect(buildContentSecurityPolicy('abc', false)).toContain("'nonce-abc'");
expect(buildContentSecurityPolicy('abc', false)).toContain(
"style-src 'self' 'nonce-abc' 'unsafe-hashes' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk='",
);
expect(buildContentSecurityPolicy('abc', false)).not.toContain("'unsafe-inline'");
expect(buildContentSecurityPolicy('abc', false)).toContain("frame-ancestors 'none'");
});
});