github.com/adharshmk96/stk@v1.2.3/pkg/middleware/security_test.go (about)

     1  package middleware_test
     2  
     3  import (
     4  	"net/http"
     5  	"testing"
     6  
     7  	"github.com/adharshmk96/stk/gsk"
     8  	"github.com/adharshmk96/stk/pkg/middleware"
     9  	"github.com/stretchr/testify/assert"
    10  )
    11  
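    // TestSecurityHeaders checks that middleware.SecurityHeaders adds the expected
    // security-related response headers, with exact values, to a response served
    // by a gsk server.
    func TestSecurityHeaders(t *testing.T) {
    	// Build a server with the middleware under test installed for every route.
    	config := &gsk.ServerConfig{
    		Port: "8888",
    	}
    	s := gsk.New(config)

    	s.Use(middleware.SecurityHeaders)

    	// Minimal handler: the headers must come from the middleware, not from here.
    	s.Get("/", func(c *gsk.Context) {
    		c.Status(http.StatusOK).JSONResponse("OK")
    	})

    	// Do not discard the second return value: if the test request fails, rr may
    	// be unusable and the header checks below would report a misleading
    	// mismatch (or panic) instead of the real cause.
    	rr, err := s.Test("GET", "/", nil)
    	if err != nil {
    		t.Fatalf("test request to / failed: %v", err)
    	}

    	// Exact values are pinned so that any weakening of the defaults (for
    	// example a shorter HSTS max-age or a relaxed CSP) fails the test.
    	//
    	// NOTE(review): "X-XSS-Protection: 1; mode=block" is pinned here because
    	// that is what this test has always expected. The header is deprecated and
    	// current hardening guidance (e.g. OWASP Secure Headers) is to send "0" or
    	// omit it and rely on Content-Security-Policy; confirm whether the
    	// middleware default should change, and update this value with it.
    	expectedHeaders := map[string]string{
    		"X-Content-Type-Options":            "nosniff",
    		"X-Frame-Options":                   "SAMEORIGIN",
    		"X-XSS-Protection":                  "1; mode=block",
    		"Content-Security-Policy":           "default-src 'self';",
    		"X-Permitted-Cross-Domain-Policies": "master-only",
    		"Strict-Transport-Security":         "max-age=31536000; includeSubDomains",
    		"Referrer-Policy":                   "strict-origin-when-cross-origin",
    	}

    	// One subtest per header so a failure names the header that is missing or
    	// wrong; a missing header shows up as an empty actual value.
    	for header, expectedValue := range expectedHeaders {
    		t.Run(header, func(t *testing.T) {
    			value := rr.Header().Get(header)
    			assert.Equal(t, expectedValue, value, "unexpected value for response header %q", header)
    		})
    	}
    }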