mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-05 19:03:30 -05:00
fd54eeaeb7
Because this commit’s parent added a few new images, we are now serving at least a handful of images, therefore a few additional HTTP requests. It’s better to combine multiple HTTP requests into one for performance reasons (up to a point). This commit adds an extra step to the preprocessing of SASS files which takes any images it finds, base64 encodes them and inlines them into the distributed CSS files. It also modifies the content security policy to allow inline images.
10 lines
506 B
Python
10 lines
506 B
Python
|
|
def test_owasp_useful_headers_set(app_):
|
|
with app_.test_request_context():
|
|
response = app_.test_client().get('/')
|
|
assert response.status_code == 200
|
|
assert response.headers['X-Frame-Options'] == 'deny'
|
|
assert response.headers['X-Content-Type-Options'] == 'nosniff'
|
|
assert response.headers['X-XSS-Protection'] == '1; mode=block'
|
|
assert response.headers['Content-Security-Policy'] == "default-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:;" # noqa
|