1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
use strict;
use warnings;
use RT::Test tests => 11;
my ($url, $m);
# Enabled by default
{
ok(RT->Config->Get('Framebusting'), "Framebusting enabled by default");
($url, $m) = RT::Test->started_ok;
$m->get_ok($url);
$m->content_contains('if (window.top !== window.self) {', "Found the framekiller javascript");
is $m->response->header('X-Frame-Options'), 'DENY', "X-Frame-Options is set to DENY";
RT::Test->stop_server;
}
# Disabled
{
RT->Config->Set('Framebusting', 0);
($url, $m) = RT::Test->started_ok;
$m->get_ok($url);
$m->content_lacks('if (window.top !== window.self) {', "Didn't find the framekiller javascript");
is $m->response->header('X-Frame-Options'), undef, "X-Frame-Options is not present";
}
|
