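// Source: github.com/chenbh/concourse/v6@v6.4.2/atc/wrappa/security_handler_test.go

package wrappa_test

import (
	"net/http"
	"net/http/httptest"

	"github.com/chenbh/concourse/v6/atc/wrappa"

	"github.com/chenbh/concourse/v6/atc/wrappa/wrappafakes"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

// This spec pins the response headers that wrappa.SecurityHandler is expected
// to add before a response leaves the server. Each example serves one
// GET /some/path request through the handler and inspects the recorder.
//
// NOTE(review): nothing below asserts that the wrapped Handler is actually
// invoked; fakeHandler is only used as a stand-in. A spec covering delegation
// would catch a regression where the headers are set but the request is
// never served.
var _ = Describe("SecurityHandler", func() {
	var (
		request *http.Request
		rw      *httptest.ResponseRecorder

		fakeHandler *wrappafakes.FakeHandler

		securityHandler wrappa.SecurityHandler
	)

	BeforeEach(func() {
		rw = httptest.NewRecorder()
		request = httptest.NewRequest("GET", "/some/path", nil)

		fakeHandler = new(wrappafakes.FakeHandler)

		// Default subject: no XFrameOptions configured.
		securityHandler = wrappa.SecurityHandler{
			Handler: fakeHandler,
		}
	})

	// Ginkgo runs every BeforeEach (outer, then nested) before JustBeforeEach,
	// so a nested Context can replace securityHandler and still have the
	// request served by the replacement.
	JustBeforeEach(func() {
		securityHandler.ServeHTTP(rw, request)
	})

	It("sets the correct security headers", func() {
		// X-XSS-Protection is a legacy header: current browsers have dropped
		// the XSS auditor it controlled, so it is not a substitute for output
		// encoding or a Content-Security-Policy.
		Expect(rw.Header().Get("X-XSS-Protection")).To(Equal("1; mode=block"))
		// Stops browsers from MIME-sniffing a response into a different,
		// possibly executable, content type.
		Expect(rw.Header().Get("X-Content-Type-Options")).To(Equal("nosniff"))
		// Internet Explorer specific: downloads are saved rather than opened
		// in the context of the site.
		Expect(rw.Header().Get("X-Download-Options")).To(Equal("noopen"))
	})

	Context("when the X-Frame-Options is empty", func() {
		// With nothing configured, no framing restriction is sent at all.
		// Clickjacking protection is therefore opt-in: a deployment has to
		// configure XFrameOptions (or a CSP frame-ancestors policy elsewhere).
		It("does not set the X-Frame-Options", func() {
			// Use rw.Header() rather than the deprecated HeaderMap field of
			// httptest.ResponseRecorder; it also matches the other examples.
			Expect(rw.Header()).NotTo(HaveKey("X-Frame-Options"))
		})
	})

	Context("when the X-Frame-Options is non-empty", func() {
		BeforeEach(func() {
			securityHandler = wrappa.SecurityHandler{
				XFrameOptions: "some-x-frame-options",
				Handler:       fakeHandler,
			}
		})

		// The value here is a deliberately meaningless placeholder: the spec
		// shows the configured string is passed through verbatim. Browsers
		// only act on DENY or SAMEORIGIN, so presumably validating the
		// operator-supplied value happens elsewhere, if at all; confirm.
		It("sets the X-Frame-Options to whatever it was configured with", func() {
			Expect(rw.Header().Get("X-Frame-Options")).To(Equal("some-x-frame-options"))
		})
	})
})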