github.com/adharshmk96/stk@v1.2.3/pkg/middleware/security_test.go (about) 1 package middleware_test 2 3 import ( 4 "net/http" 5 "testing" 6 7 "github.com/adharshmk96/stk/gsk" 8 "github.com/adharshmk96/stk/pkg/middleware" 9 "github.com/stretchr/testify/assert" 10 ) 11 12 func TestSecurityHeaders(t *testing.T) { 13 // Create a new server instance 14 config := &gsk.ServerConfig{ 15 Port: "8888", 16 } 17 s := gsk.New(config) 18 19 s.Use(middleware.SecurityHeaders) 20 21 // Register a test route and handler 22 s.Get("/", func(c *gsk.Context) { 23 c.Status(http.StatusOK).JSONResponse("OK") 24 }) 25 26 // Run the test request 27 rr, _ := s.Test("GET", "/", nil) 28 29 expectedHeaders := map[string]string{ 30 "X-Content-Type-Options": "nosniff", 31 "X-Frame-Options": "SAMEORIGIN", 32 "X-XSS-Protection": "1; mode=block", 33 "Content-Security-Policy": "default-src 'self';", 34 "X-Permitted-Cross-Domain-Policies": "master-only", 35 "Strict-Transport-Security": "max-age=31536000; includeSubDomains", 36 "Referrer-Policy": "strict-origin-when-cross-origin", 37 } 38 39 for header, expectedValue := range expectedHeaders { 40 value := rr.Header().Get(header) 41 assert.Equal(t, expectedValue, value) 42 } 43 }