FEATURE: set CSP base-uri and object-src to none (#6863)

Kyle Zhao
2019-01-09 15:04:50 -05:00
committed by Penar Musaraj
parent af227cada5
commit dec8e5879a
2 changed files with 16 additions and 0 deletions


@ -16,6 +16,20 @@ describe ContentSecurityPolicy do
end
end
describe 'base-uri' do
it 'is set to none' do
base_uri = parse(policy)['base-uri']
expect(base_uri).to eq(["'none'"])
end
end
describe 'object-src' do
it 'is set to none' do
object_srcs = parse(policy)['object-src']
expect(object_srcs).to eq(["'none'"])
end
end
describe 'worker-src' do
it 'always has self and blob' do
worker_srcs = parse(policy)['worker-src']
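Review bot: The two new examples (`base-uri` and `object-src`) only pin the default policy, so they would not catch a later change that appends a source to either directive. Browsers ignore `'none'` as soon as any other source expression sits beside it in the same directive, so an appended source would silently undo the hardening. If the policy builder can merge extra sources from settings or extensions (not visible in this hunk), each describe block should gain an example that builds the policy with such an addition and still expects `eq(["'none'"])`. A one-line comment above each example would also record the intent, e.g. `# 'none' must stay the only source: it blocks <base> injection / plugin embeds`. The surrounding `describe ContentSecurityPolicy` block and the `worker-src` example start or end outside the hunk.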