ensure that hpkp is set when provided
oreoshake committed Sep 23, 2015
1 parent 1a47c6a commit 6ed1c41
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions spec/lib/secure_headers_spec.rb
Expand Up @@ -178,16 +178,28 @@ def expect_default_values(hash)
it "produces a hash with a mix of config values, override values, and default values" do
::SecureHeaders::Configuration.configure do |config|
config.hsts = { :max_age => '123456'}
config.hpkp = {
:enforce => true,
:max_age => 1000000,
:include_subdomains => true,
:report_uri => '//example.com/uri-directive',
:pins => [
{:sha256 => 'abc'},
{:sha256 => '123'}
]
}
end

hash = SecureHeaders::header_hash(:csp => {:default_src => 'none', :img_src => "data:", :disable_fill_missing => true})
::SecureHeaders::Configuration.configure do |config|
config.hsts = nil
config.hpkp = nil
end

expect(hash['Content-Security-Policy-Report-Only']).to eq("default-src 'none'; img-src data:;")
expect(hash[XFO_HEADER_NAME]).to eq(SecureHeaders::XFrameOptions::Constants::DEFAULT_VALUE)
expect(hash[HSTS_HEADER_NAME]).to eq("max-age=123456")
expect(hash[HPKP_HEADER_NAME]).to eq(%{max-age=1000000; pin-sha256="abc"; pin-sha256="123"; report-uri="//example.com/uri-directive"; includeSubDomains})
end

it "produces a hash of headers with default config" do
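Review bot: The cleanup that sets `config.hpkp = nil` (and `config.hsts = nil`) runs only if `SecureHeaders::header_hash` returns, so an exception in that call would presumably leave an enforcing HPKP configuration in `SecureHeaders::Configuration` for later examples, including the "default config" one that follows. Moving the reset into a hook in the enclosing describe block (which starts outside this hunk), e.g. `after { ::SecureHeaders::Configuration.configure { |c| c.hsts = nil; c.hpkp = nil } }`, would keep the examples isolated. Separately, the pins `'abc'` and `'123'` are not base64 SHA-256 digests, so this example checks header formatting only. Whether malformed pins are rejected is not visible here and would merit its own example.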