darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-16 08:24:28 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
2cecadfcbc37cb4e64cb61fc75cbc47dee71cfac
notifications-admin/tests/app/main/views/test_headers.py
Ken Tsang 35f66cae23 Update emails to use logos cdn
2017-07-27 16:10:59 +01:00

18 lines
798 B
Python
Raw Blame History

def test_owasp_useful_headers_set(client, mocker):
mocker.patch('app.get_cdn_domain', return_value='static-logos.test.com')
response = client.get('/')
assert response.status_code == 200
assert response.headers['X-Frame-Options'] == 'deny'
assert response.headers['X-Content-Type-Options'] == 'nosniff'
assert response.headers['X-XSS-Protection'] == '1; mode=block'
assert response.headers['Content-Security-Policy'] == (
"default-src 'self' 'unsafe-inline';"
"script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;"
"object-src 'self';"
"font-src 'self' data:;"
"img-src 'self' *.google-analytics.com *.notifications.service.gov.uk static-logos.test.com data:;"
"frame-src www.youtube.com;"
)
Reference in New Issue View Git Blame Copy Permalink