Optimized CSP

This commit is contained in:
2025-05-19 10:05:30 +02:00
parent ab8b99b2c1
commit cc3f5d75ea
6 changed files with 53 additions and 4 deletions


@@ -167,5 +167,29 @@ class TestCspFilters(unittest.TestCase):
)
self.assertNotIn("https://www.google.com", header_disabled)
def test_build_csp_header_frame_ancestors(self):
"""
frame-ancestors should include the wildcarded SLD+TLD when
'portfolio_iframe' is enabled, and omit it when disabled.
"""
# Ensure feature enabled and domain set
self.apps['app1']['features']['portfolio_iframe'] = True
# simulate a subdomain for the application
self.domains['app1'] = 'sub.domain-example.com'
header = self.filter.build_csp_header(self.apps, 'app1', self.domains, web_protocol='https')
# Expect '*.domain-example.com' in the frame-ancestors directive
self.assertRegex(
header,
r"frame-ancestors\s+'self'\s+\*\.domain-example\.com;"
)
# Now disable the feature and rebuild
self.apps['app1']['features']['portfolio_iframe'] = False
header_no = self.filter.build_csp_header(self.apps, 'app1', self.domains, web_protocol='https')
# Should no longer contain the wildcarded sld.tld
self.assertNotIn("*.domain-example.com", header_no)
if __name__ == '__main__':
unittest.main()
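Review bot: The disabled-feature branch at the end of test_build_csp_header_frame_ancestors only asserts that `*.domain-example.com` is absent, so an implementation that drops the frame-ancestors directive entirely when 'portfolio_iframe' is off would still pass, and because frame-ancestors does not fall back to default-src that would leave the page frameable from any origin. Add a positive check that the restrictive form survives, e.g. `self.assertRegex(header_no, r"frame-ancestors\s+'self';")`. The enabled case also exercises only a two-label registrable domain; if the SLD+TLD derivation is a naive split on the last two labels (not visible here), a host such as `sub.example.co.uk` would produce `*.co.uk` and widen framing to every site under that suffix, so a second case with a multi-label public suffix would pin the intended behaviour. The enclosing TestCspFilters class starts outside this hunk.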