From 3a0064c5630299076b31181e44d7ac2fa2744cdf Mon Sep 17 00:00:00 2001 From: Jonatan Nilsson Date: Thu, 12 May 2022 16:42:54 +0000 Subject: [PATCH] Fix test for new default header --- test/flaska.api.test.mjs | 6 +++--- test/flaska.in.test.mjs | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/flaska.api.test.mjs b/test/flaska.api.test.mjs index e6af9a4..91745bd 100644 --- a/test/flaska.api.test.mjs +++ b/test/flaska.api.test.mjs @@ -50,7 +50,7 @@ t.describe('#constructor', function() { assert.strictEqual(ctx.headers['Server'], 'Flaska') assert.strictEqual(ctx.headers['X-Content-Type-Options'], 'nosniff') - assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'`) + assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'`) assert.strictEqual(ctx.headers['Cross-Origin-Opener-Policy'], 'same-origin') assert.strictEqual(ctx.headers['Cross-Origin-Resource-Policy'], 'same-origin') assert.strictEqual(ctx.headers['Cross-Origin-Embedder-Policy'], 'require-corp') @@ -143,7 +143,7 @@ t.describe('#_nonce', function() { let nextNonce = flaska._nonces[flaska._noncesIndex] flaska._before[0](ctx) assert.strictEqual(ctx.state.nonce, nextNonce) - assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'; script-src 'nonce-${ctx.state.nonce}'`) + assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; script-src 'nonce-${ctx.state.nonce}'`) } assert.notOk(flaska._nonces[flaska._noncesIndex]) @@ -157,7 +157,7 @@ t.describe('#_nonce', function() { assert.notStrictEqual(ctx.state.nonce, flaska._nonces[i]) } - assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'; script-src 'nonce-${ctx.state.nonce}'`) + assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; script-src 'nonce-${ctx.state.nonce}'`) }) t.test('should have after that regenerates lost hashes', function() { diff --git a/test/flaska.in.test.mjs b/test/flaska.in.test.mjs index 8283f83..49d0d55 100644 --- a/test/flaska.in.test.mjs +++ b/test/flaska.in.test.mjs @@ -157,7 +157,7 @@ t.describe('#requestStart()', function() { assert.strictEqual(ctx.headers['Server'], 'Flaska') assert.strictEqual(ctx.headers['X-Content-Type-Options'], 'nosniff') - assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'`) + assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'`) assert.strictEqual(ctx.headers['Cross-Origin-Opener-Policy'], 'same-origin') assert.strictEqual(ctx.headers['Cross-Origin-Resource-Policy'], 'same-origin') assert.strictEqual(ctx.headers['Cross-Origin-Embedder-Policy'], 'require-corp')