darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 02:42:26 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
886d0c8c952f9ba7422908812bb3ae2c886463e1
notifications-admin/tests/app/main/views/test_headers.py
Adam Shimali 886d0c8c95 Added content security policy header. 
unsafe-inline exception added to allow inline js scripts
we have in base govuk_template.
2016-01-12 11:08:10 +00:00

10 lines
505 B
Python
Raw Blame History

def test_owasp_useful_headers_set(notifications_admin):
with notifications_admin.test_request_context():
response = notifications_admin.test_client().get('/')
assert response.status_code == 200
assert response.headers['X-Frame-Options'] == 'deny'
assert response.headers['X-Content-Type-Options'] == 'nosniff'
assert response.headers['X-XSS-Protection'] == '1; mode=block'
assert response.headers['Content-Security-Policy'] == "default-src 'self' 'unsafe-inline'" # noqa
Reference in New Issue View Git Blame Copy Permalink