From 6ed1c419274272fa58606ceeb7b736bf42510817 Mon Sep 17 00:00:00 2001
From: Neil Matatall
Date: Wed, 23 Sep 2015 14:47:05 -0700
Subject: [PATCH] ensure that hpkp is set when provided

---
 spec/lib/secure_headers_spec.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/spec/lib/secure_headers_spec.rb b/spec/lib/secure_headers_spec.rb
index 21c04f1f..4b8d19f8 100644
--- a/spec/lib/secure_headers_spec.rb
+++ b/spec/lib/secure_headers_spec.rb
@@ -178,16 +178,28 @@ def expect_default_values(hash)
   it "produces a hash with a mix of config values, override values, and default values" do
     ::SecureHeaders::Configuration.configure do |config|
       config.hsts = { :max_age => '123456'}
+      config.hpkp = {
+        :enforce => true,
+        :max_age => 1000000,
+        :include_subdomains => true,
+        :report_uri => '//example.com/uri-directive',
+        :pins => [
+          {:sha256 => 'abc'},
+          {:sha256 => '123'}
+        ]
+      }
     end
     hash = SecureHeaders::header_hash(:csp => {:default_src => 'none', :img_src => "data:", :disable_fill_missing => true})
     ::SecureHeaders::Configuration.configure do |config|
       config.hsts = nil
+      config.hpkp = nil
     end
     expect(hash['Content-Security-Policy-Report-Only']).to eq("default-src 'none'; img-src data:;")
     expect(hash[XFO_HEADER_NAME]).to eq(SecureHeaders::XFrameOptions::Constants::DEFAULT_VALUE)
     expect(hash[HSTS_HEADER_NAME]).to eq("max-age=123456")
+    expect(hash[HPKP_HEADER_NAME]).to eq(%{max-age=1000000; pin-sha256="abc"; pin-sha256="123"; report-uri="//example.com/uri-directive"; includeSubDomains})
   end
   it "produces a hash of headers with default config" do
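Review bot: The added `config.hpkp = nil` reset runs only if the preceding `SecureHeaders::header_hash(...)` call returns normally, so an exception inside it leaves an enforcing HPKP policy in the process-global `SecureHeaders::Configuration` and can bleed into every later example in this file (the pre-existing `config.hsts = nil` has the same weakness, but the new block leaks a much more consequential setting). Wrap the call and expectations in `begin`/`ensure` and do the reset in the `ensure` clause, e.g. `ensure` followed by `::SecureHeaders::Configuration.configure { |c| c.hsts = nil; c.hpkp = nil }`, or move the reset into an `after` hook outside this example. The new expectation only asserts the value under `HPKP_HEADER_NAME`; since `:enforce => true` is set, it would be worth also asserting that the report-only variant of the header is absent from `hash`, if the library exposes such a header name (not visible in this hunk). Note that `'abc'` and `'123'` are not valid base64-encoded SHA-256 SPKI digests, so this spec exercises header formatting only and would not catch a missing pin-format validation; a comment such as `# placeholder pins: exercises header formatting, not pin validity` would make that intent explicit.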