File: configuration_spec.rb

package info (click to toggle)
ruby-secure-headers 7.1.0-1
links: PTS, VCS
area: main
in suites: forky, sid
size: 508 kB
sloc: ruby: 3,353; makefile: 5
file content (121 lines) | stat: -rw-r--r-- 3,637 bytes
parent folder | download | duplicates (3)
# frozen_string_literal: true
require "spec_helper"

module SecureHeaders
  describe Configuration do
    before(:each) do
      reset_config
    end

    it "has a default config" do
      expect(Configuration.default).to_not be_nil
    end

    it "has an 'noop' override" do
      Configuration.default
      expect(Configuration.overrides(Configuration::NOOP_OVERRIDE)).to_not be_nil
    end

    it "dup results in a copy of the default config" do
      Configuration.default
      original_configuration = Configuration.send(:default_config)
      configuration = Configuration.dup
      expect(original_configuration).not_to be(configuration)
      Configuration::CONFIG_ATTRIBUTES.each do |attr|
        expect(original_configuration.send(attr)).to eq(configuration.send(attr))
      end
    end

    it "stores an override" do
      Configuration.override(:test_override) do |config|
        config.x_frame_options = "DENY"
      end

      expect(Configuration.overrides(:test_override)).to_not be_nil
    end

    describe "#override" do
      it "raises on configuring an existing override" do
        set_override = Proc.new {
          Configuration.override(:test_override) do |config|
            config.x_frame_options = "DENY"
          end
        }

        set_override.call

        expect { set_override.call }
          .to raise_error(Configuration::AlreadyConfiguredError, "Configuration already exists")
      end

      it "raises when a named append with the given name exists" do
        Configuration.named_append(:test_override) do |config|
          config.x_frame_options = "DENY"
        end

        expect do
          Configuration.override(:test_override) do |config|
            config.x_frame_options = "SAMEORIGIN"
          end
        end.to raise_error(Configuration::AlreadyConfiguredError, "Configuration already exists")
      end
    end

    describe "#named_append" do
      it "raises on configuring an existing append" do
        set_override = Proc.new {
          Configuration.named_append(:test_override) do |config|
            config.x_frame_options = "DENY"
          end
        }

        set_override.call

        expect { set_override.call }
          .to raise_error(Configuration::AlreadyConfiguredError, "Configuration already exists")
      end

      it "raises when an override with the given name exists" do
        Configuration.override(:test_override) do |config|
          config.x_frame_options = "DENY"
        end

        expect do
          Configuration.named_append(:test_override) do |config|
            config.x_frame_options = "SAMEORIGIN"
          end
        end.to raise_error(Configuration::AlreadyConfiguredError, "Configuration already exists")
      end
    end

    it "deprecates the secure_cookies configuration" do
      expect {
        Configuration.default do |config|
          config.secure_cookies = true
        end
      }.to raise_error(ArgumentError)
    end

    it "gives cookies a default config" do
      expect(Configuration.default.cookies).to eq({httponly: true, secure: true, samesite: {lax: true}})
    end

    it "allows OPT_OUT" do
      Configuration.default do |config|
        config.cookies = OPT_OUT
      end

      config = Configuration.dup
      expect(config.cookies).to eq(OPT_OUT)
    end

    it "allows me to be explicit too" do
      Configuration.default do |config|
        config.cookies = {httponly: true, secure: true, samesite: {lax: false}}
      end

      config = Configuration.dup
      expect(config.cookies).to eq({httponly: true, secure: true, samesite: {lax: false}})
    end
  end
end