File: x_headers_test.clj

(ns ring.middleware.x-headers-test
  (:use clojure.test
        ring.middleware.x-headers
        [ring.mock.request :only [request]]
        [ring.util.response :only [redirect response content-type]]))

;; Synchronous (one-argument) handler coverage for wrap-frame-options:
;; header value per option, rejection of bad options, preservation of the
;; wrapped response's other fields, and nil pass-through.
(deftest test-wrap-frame-options
  (let [hello-handler (constantly (response "hello"))
        get-root      (fn [handler] (handler (request :get "/")))]
    ;; Each supported option paired with the exact header value expected.
    ;; NOTE(review): ALLOW-FROM is obsolete and ignored by current browsers;
    ;; the "allow-from" case pins header formatting only. Restricting framing
    ;; to one origin needs a CSP frame-ancestors directive instead.
    (doseq [[label option header-value]
            [["deny"       :deny       "DENY"]
             ["sameorigin" :sameorigin "SAMEORIGIN"]
             ["allow-from" {:allow-from "http://example.com/"}
              "ALLOW-FROM http://example.com/"]]]
      (testing label
        (let [result (get-root (wrap-frame-options hello-handler option))]
          (is (= (:headers result) {"X-Frame-Options" header-value})))))

    (testing "bad arguments"
      ;; An unknown keyword, a misspelled map key and a nil origin must all
      ;; fail when the middleware is constructed, before any request is served.
      (doseq [bad-option [:foobar {:allowfrom "foo"} {:allow-from nil}]]
        (is (thrown? AssertionError
                     (wrap-frame-options hello-handler bad-option)))))

    (testing "response fields"
      ;; Status, body and pre-existing headers must survive the wrapper.
      (let [plain-hello (-> (response "hello") (content-type "text/plain"))
            result      (get-root (wrap-frame-options (constantly plain-hello) :deny))]
        (is (= result {:status  200
                       :headers {"X-Frame-Options" "DENY"
                                 "Content-Type" "text/plain"}
                       :body    "hello"}))))

    (testing "nil response"
      ;; A handler that returns nil must still yield nil, not a header-only map.
      (let [wrapped (wrap-frame-options (constantly nil) :deny)]
        (is (nil? (get-root wrapped)))))))

;; Direct coverage of frame-options-response, the function that decorates a
;; response map, without going through the middleware wrapper.
(deftest test-frame-options-response
  (testing "deny"
    (let [decorated (frame-options-response (response "hello") :deny)]
      (is (= decorated
             {:status 200, :headers {"X-Frame-Options" "DENY"}, :body "hello"}))))

  (testing "nil response"
    ;; nil in, nil out.
    (let [decorated (frame-options-response nil :deny)]
      (is (nil? decorated)))))

;; Asynchronous (three-argument, respond/raise) handler coverage for
;; wrap-frame-options. Promises stand in for the respond and raise callbacks
;; so the test can check which one was invoked and with what value.
(deftest test-wrap-frame-options-cps
  (testing "deny"
    (let [respond-hello (fn [_request respond _raise]
                          (respond (response "hello")))
          wrapped       (wrap-frame-options respond-hello :deny)
          responded     (promise)
          raised        (promise)]
      (wrapped (request :get "/") responded raised)
      ;; The raise callback must not have been called.
      (is (not (realized? raised)))
      (is (= (:headers @responded) {"X-Frame-Options" "DENY"}))))

  (testing "nil response"
    (let [respond-nil (fn [_request respond _raise]
                        (respond nil))
          wrapped     (wrap-frame-options respond-nil :deny)
          responded   (promise)
          raised      (promise)]
      (wrapped (request :get "/") responded raised)
      (is (not (realized? raised)))
      ;; nil from the inner handler reaches respond unchanged.
      (is (nil? @responded)))))

;; Synchronous handler coverage for wrap-content-type-options: the nosniff
;; header is added next to the existing Content-Type, an unsupported option
;; is rejected, and nil responses pass through.
(deftest test-wrap-content-type-options
  (let [plain-hello   (-> (response "hello") (content-type "text/plain"))
        hello-handler (constantly plain-hello)
        root-request  (request :get "/")]
    (testing "nosniff"
      (let [wrapped (wrap-content-type-options hello-handler :nosniff)]
        ;; The declared Content-Type must still be present: nosniff tells the
        ;; browser to trust that declaration, so the two headers work together.
        (is (= (wrapped root-request)
               {:status  200
                :headers {"X-Content-Type-Options" "nosniff"
                          "Content-Type" "text/plain"}
                :body    "hello"}))))

    (testing "bad arguments"
      ;; Any option other than :nosniff fails at construction time.
      (is (thrown? AssertionError
                   (wrap-content-type-options hello-handler :foo))))

    (testing "nil response"
      (let [wrapped (wrap-content-type-options (constantly nil) :nosniff)]
        (is (nil? (wrapped root-request)))))))

;; Direct coverage of content-type-options-response on a response map.
(deftest test-content-type-options-response
  (testing "nosniff"
    (let [plain-hello (-> (response "hello") (content-type "text/plain"))
          decorated   (content-type-options-response plain-hello :nosniff)]
      (is (= decorated
             {:status  200
              :headers {"X-Content-Type-Options" "nosniff"
                        "Content-Type" "text/plain"}
              :body    "hello"}))))

  (testing "nil response"
    ;; nil in, nil out.
    (let [decorated (content-type-options-response nil :nosniff)]
      (is (nil? decorated)))))

;; Asynchronous (respond/raise) handler coverage for
;; wrap-content-type-options. Promises act as the two callbacks.
(deftest test-wrap-content-type-options-cps
  (testing "nosniff"
    (let [respond-plain (fn [_request respond _raise]
                          (respond (-> (response "hello")
                                       (content-type "text/plain"))))
          wrapped       (wrap-content-type-options respond-plain :nosniff)
          responded     (promise)
          raised        (promise)]
      (wrapped (request :get "/") responded raised)
      ;; The raise callback must not have been called.
      (is (not (realized? raised)))
      (is (= @responded {:status  200
                         :headers {"X-Content-Type-Options" "nosniff"
                                   "Content-Type" "text/plain"}
                         :body    "hello"}))))

  (testing "nil response"
    (let [respond-nil (fn [_request respond _raise]
                        (respond nil))
          wrapped     (wrap-content-type-options respond-nil :nosniff)
          responded   (promise)
          raised      (promise)]
      (wrapped (request :get "/") responded raised)
      (is (not (realized? raised)))
      ;; nil from the inner handler reaches respond unchanged.
      (is (nil? @responded)))))

;; Synchronous handler coverage for wrap-xss-protection: the header value for
;; enabled/disabled, the mode=block option, rejection of an unknown mode, and
;; nil pass-through.
;; NOTE(review): the browser XSS filter this header controlled has been
;; removed from current browsers, and present guidance is to send "0" or omit
;; the header and rely on Content-Security-Policy. These tests pin header
;; formatting; they are not a recommendation to enable the filter.
(deftest test-wrap-xss-protection
  (let [hello-handler (constantly (response "hello"))
        get-root      (fn [handler] (handler (request :get "/")))]
    ;; Boolean flag -> bare header value, with no mode suffix.
    (doseq [[label enabled? header-value] [["enable"  true  "1"]
                                           ["disable" false "0"]]]
      (testing label
        (let [result (get-root (wrap-xss-protection hello-handler enabled?))]
          (is (= (:headers result) {"X-XSS-Protection" header-value})))))

    (testing "enable with block"
      ;; {:mode :block} appends "; mode=block" and leaves other fields intact.
      (let [plain-hello (-> (response "hello") (content-type "text/plain"))
            wrapped     (wrap-xss-protection (constantly plain-hello)
                                             true
                                             {:mode :block})]
        (is (= (get-root wrapped)
               {:status  200
                :headers {"X-XSS-Protection" "1; mode=block"
                          "Content-Type" "text/plain"}
                :body    "hello"}))))

    (testing "bad arguments"
      ;; An unrecognised :mode fails at construction time.
      (is (thrown? AssertionError
                   (wrap-xss-protection hello-handler true {:mode :blob}))))

    (testing "nil response"
      (let [wrapped (wrap-xss-protection (constantly nil) true)]
        (is (nil? (get-root wrapped)))))))

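;; Direct coverage of xss-protection-response on a response map.
;; Two copy-paste slips from the frame-options tests are corrected here:
;;   * the enable flag was :deny (a frame-options keyword that only passed
;;     because it is truthy); it is now the boolean the function expects;
;;   * the nil case called frame-options-response, so nil handling of
;;     xss-protection-response itself was never exercised.
(deftest test-xss-protection-response
  (testing "enable"
    (is (= (xss-protection-response (response "hello") true)
           {:status 200, :headers {"X-XSS-Protection" "1"}, :body "hello"})))

  (testing "nil response"
    ;; nil in, nil out, for the function under test.
    (is (nil? (xss-protection-response nil true)))))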

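;; Asynchronous (respond/raise) handler coverage for wrap-xss-protection.
;; Promises act as the two callbacks. The first context was labelled
;; "nosniff" (copied from the content-type-options tests); it is renamed to
;; "enable" so a failure report names the behaviour actually under test.
(deftest test-wrap-xss-protection-cps
  (testing "enable"
    (let [respond-hello (fn [_request respond _raise]
                          (respond (response "hello")))
          wrapped       (wrap-xss-protection respond-hello true)
          responded     (promise)
          raised        (promise)]
      (wrapped (request :get "/") responded raised)
      ;; The raise callback must not have been called.
      (is (not (realized? raised)))
      (is (= (:headers @responded) {"X-XSS-Protection" "1"}))))

  (testing "nil response"
    (let [respond-nil (fn [_request respond _raise]
                        (respond nil))
          wrapped     (wrap-xss-protection respond-nil true)
          responded   (promise)
          raised      (promise)]
      (wrapped (request :get "/") responded raised)
      (is (not (realized? raised)))
      ;; nil from the inner handler reaches respond unchanged.
      (is (nil? @responded)))))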