From 3a0064c5630299076b31181e44d7ac2fa2744cdf Mon Sep 17 00:00:00 2001
From: Jonatan Nilsson <jonatan@nilsson.is>
Date: Thu, 12 May 2022 16:42:54 +0000
Subject: [PATCH] Fix test for new default header

---
 test/flaska.api.test.mjs | 6 +++---
 test/flaska.in.test.mjs  | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/flaska.api.test.mjs b/test/flaska.api.test.mjs
index e6af9a4..91745bd 100644
--- a/test/flaska.api.test.mjs
+++ b/test/flaska.api.test.mjs
@@ -50,7 +50,7 @@ t.describe('#constructor', function() {
 
     assert.strictEqual(ctx.headers['Server'], 'Flaska')
     assert.strictEqual(ctx.headers['X-Content-Type-Options'], 'nosniff')
-    assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'`)
+    assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'`)
     assert.strictEqual(ctx.headers['Cross-Origin-Opener-Policy'], 'same-origin')
     assert.strictEqual(ctx.headers['Cross-Origin-Resource-Policy'], 'same-origin')
     assert.strictEqual(ctx.headers['Cross-Origin-Embedder-Policy'], 'require-corp')
@@ -143,7 +143,7 @@ t.describe('#_nonce', function() {
       let nextNonce = flaska._nonces[flaska._noncesIndex]
       flaska._before[0](ctx)
       assert.strictEqual(ctx.state.nonce, nextNonce)
-      assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'; script-src 'nonce-${ctx.state.nonce}'`)
+      assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; script-src 'nonce-${ctx.state.nonce}'`)
     }
 
     assert.notOk(flaska._nonces[flaska._noncesIndex])
@@ -157,7 +157,7 @@ t.describe('#_nonce', function() {
       assert.notStrictEqual(ctx.state.nonce, flaska._nonces[i])
     }
 
-    assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'; script-src 'nonce-${ctx.state.nonce}'`)
+    assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; script-src 'nonce-${ctx.state.nonce}'`)
   })
 
   t.test('should have after that regenerates lost hashes', function() {
diff --git a/test/flaska.in.test.mjs b/test/flaska.in.test.mjs
index 8283f83..49d0d55 100644
--- a/test/flaska.in.test.mjs
+++ b/test/flaska.in.test.mjs
@@ -157,7 +157,7 @@ t.describe('#requestStart()', function() {
 
         assert.strictEqual(ctx.headers['Server'], 'Flaska')
         assert.strictEqual(ctx.headers['X-Content-Type-Options'], 'nosniff')
-        assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'`)
+        assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'`)
         assert.strictEqual(ctx.headers['Cross-Origin-Opener-Policy'], 'same-origin')
         assert.strictEqual(ctx.headers['Cross-Origin-Resource-Policy'], 'same-origin')
         assert.strictEqual(ctx.headers['Cross-Origin-Embedder-Policy'], 'require-corp')