Added more custom conf to test_custom_config_values
toavina committed Feb 5, 2025
1 parent 6a403c6 commit 3409a84
Showing 2 changed files with 19 additions and 3 deletions.
6 changes: 3 additions & 3 deletions ckanext/fjelltopp_security/plugin.py
Expand Up @@ -52,13 +52,13 @@ def apply_owasp(response):
"",
)
response.headers["Cross-Origin-Opener-Policy"] = config.get(
"ckanext.fjelltopp_security.Cross-Origin-Opener-Policy", "same-site"
"ckanext.fjelltopp_security.cross_origin_opener_policy", "same-site"
)
response.headers["Cross-Origin-Embedder-Policy"] = config.get(
"ckanext.fjelltopp_security.Cross-Origin-Embedder-Policy", "unsafe-none"
"ckanext.fjelltopp_security.cross_origin_embedder_policy", "unsafe-none"
)
response.headers["Cross-Origin-Resource-Policy"] = config.get(
"ckanext.fjelltopp_security.Cross-Origin-Resource-Policy", "cross-origin"
"ckanext.fjelltopp_security.cross_origin_resource_policy", "cross-origin"
)
response.headers["Content-Security-Policy"] = config.get(
"ckanext.fjelltopp_security.content_security_policy", ""
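Review bot: The three `config.get` calls in this hunk switch the config key spelling between `ckanext.fjelltopp_security.Cross-Origin-Opener-Policy` and `ckanext.fjelltopp_security.cross_origin_opener_policy` (and likewise for the embedder and resource policies), and whichever spelling is the new one, an existing deployment that still sets the other spelling will silently fall back to the defaults `same-site`, `unsafe-none` and `cross-origin` without any warning. Assuming the snake_case keys are the new side, as the test file in this commit suggests, a compatibility fallback avoids weakening headers on upgrade, e.g. `config.get("ckanext.fjelltopp_security.cross_origin_opener_policy", config.get("ckanext.fjelltopp_security.Cross-Origin-Opener-Policy", "same-site"))`, ideally with a deprecation log line when the old key is hit; the same applies to the two calls below it. Alternatively, document the rename and the consequence of the fallback in the extension's config documentation. apply_owasp starts and ends outside this hunk.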
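--- a/ckanext/fjelltopp_security/tests/test_headers.py
+++ b/ckanext/fjelltopp_security/tests/test_headers.py
@@ -28,6 +28,12 @@ def test_default_security_headers(self, app):
 
 @pytest.mark.ckan_config("ckanext.fjelltopp_security.strict_transport_security", "max-age=86400")
 @pytest.mark.ckan_config("ckanext.fjelltopp_security.content_type_options", "custom-value")
+@pytest.mark.ckan_config("ckanext.fjelltopp_security.cross_domain_policies", "custom-policy")
+@pytest.mark.ckan_config("ckanext.fjelltopp_security.referrer_policy", "same-origin")
+@pytest.mark.ckan_config("ckanext.fjelltopp_security.cache_control", "no-store")
+@pytest.mark.ckan_config("ckanext.fjelltopp_security.cross_origin_opener_policy", "same-origin")
+@pytest.mark.ckan_config("ckanext.fjelltopp_security.cross_origin_embedder_policy", "require-corp")
+@pytest.mark.ckan_config("ckanext.fjelltopp_security.cross_origin_resource_policy", "same-site")
 def test_custom_config_values(self, app):
 dataset = factories.Dataset()
 url = toolkit.url_for('dataset.read', id=dataset['name'])
@@ -36,6 +42,13 @@ def test_custom_config_values(self, app):
 
 assert response.headers["Strict-Transport-Security"] == "max-age=86400"
 assert response.headers["X-Content-Type-Options"] == "custom-value"
+assert response.headers["X-Permitted-Cross-Domain-Policies"] == "custom-policy"
+assert response.headers["Referrer-Policy"] == "same-origin"
+assert response.headers["Cache-Control"] == "no-store, private"
+assert response.headers["Cross-Origin-Opener-Policy"] == "same-origin"
+assert response.headers["Cross-Origin-Embedder-Policy"] == "require-corp"
+assert response.headers["Cross-Origin-Resource-Policy"] == "same-site"
 
+
 def test_clear_site_data_on_logout(self, app):
 @app.flask_app.route('/test_logout')
@@ -50,6 +63,7 @@ def test_logout():
 # Verify the Clear-Site-Data header is set
 assert response.headers.get("Clear-Site-Data") == '"*"'
 
+
 def test_clear_site_data_not_set_without_redirect(self, app):
 @app.flask_app.route('/test_other_redirect')
 def test_other_redirect():
@@ -63,6 +77,7 @@ def test_other_redirect():
 # Verify the Clear-Site-Data header is not set
 assert "Clear-Site-Data" not in response.headers
 
+
 def test_no_clear_site_data_on_normal_response(self, app):
 dataset = factories.Dataset()
 url = toolkit.url_for('dataset.read', id=dataset['name'])
@@ -71,6 +86,7 @@ def test_no_clear_site_data_on_normal_response(self, app):
 
 assert "Clear-Site-Data" not in response.headers
 
+
 @pytest.mark.ckan_config("ckanext.fjelltopp_security.content_security_policy",
 "default-src 'self'; script-src 'self' 'unsafe-inline'")
 def test_content_security_policy(self, app):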
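Review bot: The new assertion `assert response.headers["Cache-Control"] == "no-store, private"` is the only one in test_custom_config_values whose expected value differs from the configured one (`cache_control` is set to `"no-store"` in the marker), and nothing in the test explains where `, private` comes from, so a reader cannot tell a deliberate pass-through transformation from a typo. Add a one-line comment above it stating the contract, e.g. `# the plugin appends ", private" to the configured value — the header is not a verbatim copy` (hedged: the Cache-Control branch of the plugin is not in this commit, so confirm against plugin.py). It would also be worth a short assertion that a configured value is never echoed unchanged when it is a weaker policy than the default, if that is indeed the plugin's intent. test_custom_config_values starts in the first hunk and its request/response lines fall between the two hunks, outside this diff.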
