mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-10 03:14:58 -04:00
Fix header test
This commit is contained in:
@@ -356,7 +356,8 @@ def useful_headers_after_request(response):
|
||||
response.headers.add('X-XSS-Protection', '1; mode=block')
|
||||
response.headers.add('Content-Security-Policy', (
|
||||
"default-src 'self' {asset_domain} 'unsafe-inline';"
|
||||
"script-src 'self' {asset_domain} *.google-analytics.com https://js-agent.newrelic.com https://*.nr-data.net 'unsafe-inline' 'unsafe-eval' data:;"
|
||||
"script-src 'self' {asset_domain} *.google-analytics.com https://js-agent.newrelic.com https://*.nr-data.net "
|
||||
"'unsafe-inline' 'unsafe-eval' data:;"
|
||||
"connect-src 'self' *.google-analytics.com https://*.nr-data.net;"
|
||||
"object-src 'self';"
|
||||
"font-src 'self' {asset_domain} data:;"
|
||||
|
||||
@@ -13,8 +13,9 @@ def test_owasp_useful_headers_set(
|
||||
assert response.headers['X-XSS-Protection'] == '1; mode=block'
|
||||
assert response.headers['Content-Security-Policy'] == (
|
||||
"default-src 'self' static.example.com 'unsafe-inline';"
|
||||
"script-src 'self' static.example.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;"
|
||||
"connect-src 'self' *.google-analytics.com;"
|
||||
"script-src 'self' static.example.com *.google-analytics.com https://js-agent.newrelic.com "
|
||||
"https://*.nr-data.net 'unsafe-inline' 'unsafe-eval' data:;"
|
||||
"connect-src 'self' *.google-analytics.com https://*.nr-data.net;"
|
||||
"object-src 'self';"
|
||||
"font-src 'self' static.example.com data:;"
|
||||
"img-src "
|
||||
@@ -43,8 +44,9 @@ def test_headers_non_ascii_characters_are_replaced(
|
||||
|
||||
assert response.headers['Content-Security-Policy'] == (
|
||||
"default-src 'self' static.example.com 'unsafe-inline';"
|
||||
"script-src 'self' static.example.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;"
|
||||
"connect-src 'self' *.google-analytics.com;"
|
||||
"script-src 'self' static.example.com *.google-analytics.com https://js-agent.newrelic.com "
|
||||
"https://*.nr-data.net 'unsafe-inline' 'unsafe-eval' data:;"
|
||||
"connect-src 'self' *.google-analytics.com https://*.nr-data.net;"
|
||||
"object-src 'self';"
|
||||
"font-src 'self' static.example.com data:;"
|
||||
"img-src"
|
||||
|
||||
Reference in New Issue
Block a user