darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-21 02:44:42 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
bcc45ede9cc027ad10a58d6f4c0d9ea3d53aa428
notifications-admin/tests/app/main/views/test_headers.py
Chris Hill-Scott f3b0c0a556 Use client and logged_in_client fixtures 
Wherever possible, because Don’t Repeat Yourself.
2017-02-06 10:44:38 +00:00

16 lines
690 B
Python
Raw Blame History

def test_owasp_useful_headers_set(client):
response = client.get('/')
assert response.status_code == 200
assert response.headers['X-Frame-Options'] == 'deny'
assert response.headers['X-Content-Type-Options'] == 'nosniff'
assert response.headers['X-XSS-Protection'] == '1; mode=block'
assert response.headers['Content-Security-Policy'] == (
"default-src 'self' 'unsafe-inline';"
"script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;"
"object-src 'self';"
"font-src 'self' data:;"
"img-src 'self' *.google-analytics.com *.notifications.service.gov.uk data:;"
"frame-src www.youtube.com;"
)
Reference in New Issue View Git Blame Copy Permalink