Flaska: Add support for appendHeaders to compliment default headers instead of completely replacing them
This commit is contained in:
parent
0c22fe9577
commit
568c620782
2 changed files with 39 additions and 0 deletions
|
@ -644,6 +644,13 @@ export class Flaska {
|
|||
nonceCacheLength: opts.nonceCacheLength || 25
|
||||
}
|
||||
|
||||
if (opts.appendHeaders) {
|
||||
let appendKeys = Object.keys(opts.appendHeaders)
|
||||
for (let key of appendKeys) {
|
||||
options.defaultHeaders[key] = opts.appendHeaders[key]
|
||||
}
|
||||
}
|
||||
|
||||
if (!options.defaultHeaders && options.nonce.length) {
|
||||
// throw error
|
||||
}
|
||||
|
|
|
@ -90,6 +90,38 @@ t.describe('#constructor', function() {
|
|||
|
||||
assert.strictEqual(flaska._after.length, 0)
|
||||
})
|
||||
|
||||
t.test('should have before ready setting headers on context if appendHeaders is specified', function() {
|
||||
const appendHeaders = {
|
||||
'Server': 'nginx/1.16.1',
|
||||
'Herp': 'Derp',
|
||||
}
|
||||
let flaska = new Flaska({
|
||||
appendHeaders: appendHeaders,
|
||||
}, faker)
|
||||
assert.strictEqual(flaska._before.length, 1)
|
||||
|
||||
let ctx = {}
|
||||
|
||||
flaska._before[0](ctx)
|
||||
|
||||
assert.deepEqual(
|
||||
Object.keys(ctx.headers).sort(),
|
||||
['Server', 'Herp', 'X-Content-Type-Options','Content-Security-Policy','Cross-Origin-Opener-Policy','Cross-Origin-Resource-Policy','Cross-Origin-Embedder-Policy','Date'].sort()
|
||||
)
|
||||
|
||||
assert.notStrictEqual(ctx.headers['Server'], 'Flaska')
|
||||
assert.strictEqual(ctx.headers['Server'], appendHeaders.Server)
|
||||
assert.strictEqual(ctx.headers['Herp'], 'Derp')
|
||||
assert.strictEqual(ctx.headers['X-Content-Type-Options'], 'nosniff')
|
||||
assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'`)
|
||||
assert.strictEqual(ctx.headers['Cross-Origin-Opener-Policy'], 'same-origin')
|
||||
assert.strictEqual(ctx.headers['Cross-Origin-Resource-Policy'], 'same-origin')
|
||||
assert.strictEqual(ctx.headers['Cross-Origin-Embedder-Policy'], 'require-corp')
|
||||
assert.ok(new Date(ctx.headers['Date']).getDate())
|
||||
|
||||
assert.strictEqual(flaska._after.length, 0)
|
||||
})
|
||||
})
|
||||
|
||||
t.describe('#_nonce', function() {
|
||||
|
|
Loading…
Reference in a new issue