// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//	https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package coop

import (
	"net/http/httptest"
	"testing"

	"github.com/google/go-cmp/cmp"
	"github.com/google/go-safeweb/safehttp"
	"github.com/google/go-safeweb/safehttp/safehttptest"
)

// TestBefore checks which Cross-Origin-Opener-Policy headers the interceptor's
// Before stage writes, both with a nil config and with a per-handler Overrider.
//
// Every case runs twice against a fresh fake response writer:
//
//  1. Before is called with a nil config; the headers must equal plain.
//  2. Before is called with the case's overrider; the headers must equal
//     overridden.
//
// Cases that leave overrider and overridden unset still run the second pass,
// with the zero-value Overrider, and expect neither COOP header to be present.
//
// Both passes also require status 200 and an empty body, i.e. Before must only
// set headers and must not write a response itself.
func TestBefore(t *testing.T) {
	// expected lists the header values a pass must produce, in order.
	// enforced is compared with Cross-Origin-Opener-Policy and reportOnly with
	// Cross-Origin-Opener-Policy-Report-Only. A nil slice means the header
	// must be absent.
	type expected struct {
		enforced, reportOnly []string
	}

	// Policies shared by several cases below.
	allowPopups := Policy{
		Mode:           SameOriginAllowPopups,
		ReportingGroup: "coop-ap",
	}
	sameOriginRO := Policy{
		Mode:           SameOrigin,
		ReportingGroup: "coop-so",
		ReportOnly:     true,
	}
	unsafeNoneRO := Policy{
		Mode:           UnsafeNone,
		ReportingGroup: "coop-un",
		ReportOnly:     true,
	}

	cases := []struct {
		name        string
		interceptor Interceptor
		overrider   Overrider
		plain       expected
		overridden  expected
	}{
		{
			// An interceptor with no policies emits nothing on its own; the
			// override alone supplies the enforced header.
			name:        "No policies, override on header",
			interceptor: NewInterceptor(),
			overrider:   Override("testing", Policy{Mode: SameOrigin}),
			overridden:  expected{enforced: []string{"same-origin"}},
		},
		{
			// Default("coop") is expected to enforce same-origin and report to
			// the "coop" group.
			name:        "Default",
			interceptor: Default("coop"),
			plain:       expected{enforced: []string{`same-origin; report-to "coop"`}},
		},
		{
			// The override carries only a report-only policy, and the expected
			// result has no enforced header: as this case pins it, an override
			// replaces the interceptor's policies instead of adding to them,
			// so a handler-level override can remove enforcement entirely.
			name:        "policies, override disables enf",
			interceptor: NewInterceptor(allowPopups, sameOriginRO),
			overrider:   Override("testing", sameOriginRO),
			plain: expected{
				enforced:   []string{`same-origin-allow-popups; report-to "coop-ap"`},
				reportOnly: []string{`same-origin; report-to "coop-so"`},
			},
			overridden: expected{
				reportOnly: []string{`same-origin; report-to "coop-so"`},
			},
		},
		{
			// Several report-only policies yield several report-only header
			// values, in the order the policies were given.
			name:        "multiple RO",
			interceptor: NewInterceptor(allowPopups, sameOriginRO, unsafeNoneRO),
			plain: expected{
				enforced:   []string{`same-origin-allow-popups; report-to "coop-ap"`},
				reportOnly: []string{`same-origin; report-to "coop-so"`, `unsafe-none; report-to "coop-un"`},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// verify compares the recorded response with exp. It is marked as
			// a helper so failures are reported at the calling line, which
			// tells the two passes apart.
			verify := func(rec *httptest.ResponseRecorder, exp expected) {
				t.Helper()
				hdr := rec.Header()
				gotEnforced := hdr.Values("Cross-Origin-Opener-Policy")
				gotReportOnly := hdr.Values("Cross-Origin-Opener-Policy-Report-Only")
				if d := cmp.Diff(exp.enforced, gotEnforced); d != "" {
					t.Errorf("Enforced COOP -want +got:\n%s", d)
				}
				if d := cmp.Diff(exp.reportOnly, gotReportOnly); d != "" {
					t.Errorf("Report Only COOP -want +got:\n%s", d)
				}
				if code := rec.Code; code != int(safehttp.StatusOK) {
					t.Errorf("Status: got %v want: %v", code, safehttp.StatusOK)
				}
				if body := rec.Body.String(); body != "" {
					t.Errorf("Got body: %q, didn't want one", body)
				}
			}

			// Pass 1: nil config, the interceptor's own policies apply.
			plainRW, plainRec := safehttptest.NewFakeResponseWriter()
			plainReq := safehttptest.NewRequest(safehttp.MethodGet, "/", nil)
			tc.interceptor.Before(plainRW, plainReq, nil)
			verify(plainRec, tc.plain)

			// Pass 2: the same interceptor with the case's override config.
			ovRW, ovRec := safehttptest.NewFakeResponseWriter()
			ovReq := safehttptest.NewRequest(safehttp.MethodGet, "/", nil)
			tc.interceptor.Before(ovRW, ovReq, tc.overrider)
			verify(ovRec, tc.overridden)
		})
	}
}