package middlewares
import (
"GoMembership/internal/config"
"net/http"
"net/http/httptest"
"testing"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/assert"
)
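// TestCSPMiddleware verifies that CSPMiddleware emits a Content-Security-Policy
// header whose name depends on config.Env: the report-only header in
// development (with a report-uri so violations are collected without
// blocking) and the enforcing header in production.
//
// The test mutates the package-level config.Env, so it must not be marked
// t.Parallel alongside other tests that read it; the original value is
// restored through t.Cleanup even if a subtest panics.
func TestCSPMiddleware(t *testing.T) {
	// Restore the global environment no matter how the test exits.
	originalEnv := config.Env
	t.Cleanup(func() { config.Env = originalEnv })

	gin.SetMode(gin.TestMode)

	// Directives shared by both environments. Every directive is terminated
	// with "; " — without the separator a browser parses
	// "script-src 'self' 'unsafe-inline'style-src ..." as a single script-src
	// directive and silently drops style-src, img-src, font-src and
	// connect-src. If this expectation fails against the middleware, the
	// middleware's policy string is what needs fixing, not this test.
	// Note that 'unsafe-inline' in script-src weakens the XSS protection the
	// policy is meant to provide; this test pins what the middleware emits,
	// not what the ideal policy would be.
	const basePolicy = "default-src 'self'; " +
		"script-src 'self' 'unsafe-inline'; " +
		"style-src 'self' 'unsafe-inline'; " +
		"img-src 'self'; " +
		"font-src 'self'; " +
		"connect-src 'self'; " +
		"frame-ancestors 'none'; " +
		"form-action 'self'; " +
		"base-uri 'self'; " +
		"upgrade-insecure-requests;"

	tests := []struct {
		name           string
		environment    string
		expectedHeader string
		expectedPolicy string
	}{
		{
			name:           "Development Environment",
			environment:    "development",
			expectedHeader: "Content-Security-Policy-Report-Only",
			// Development reports violations instead of blocking them.
			expectedPolicy: basePolicy + " report-uri /csp-report;",
		},
		{
			name:           "Production Environment",
			environment:    "production",
			expectedHeader: "Content-Security-Policy",
			expectedPolicy: basePolicy,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			config.Env = tt.environment

			// Minimal router: the middleware under test plus one handler so
			// the response reaches the recorder and carries the header.
			router := gin.New()
			router.Use(CSPMiddleware())
			router.GET("/test", func(c *gin.Context) {
				c.String(http.StatusOK, "test")
			})

			// httptest.NewRequest panics on a malformed request instead of
			// returning an error that would otherwise be discarded.
			req := httptest.NewRequest(http.MethodGet, "/test", nil)
			w := httptest.NewRecorder()
			router.ServeHTTP(w, req)

			assert.Equal(t, http.StatusOK, w.Code)
			assert.Equal(t, tt.expectedPolicy, w.Header().Get(tt.expectedHeader))
			// NOTE(review): consider also asserting that the header belonging
			// to the other environment is absent (no report-only header in
			// production, no enforcing header in development) — confirm the
			// middleware's behaviour before adding that assertion.
		})
	}
}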