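// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//	https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package devmode_test

import (
	"bytes"
	"io/ioutil"
	"net/http/httptest"
	"testing"

	"github.com/google/go-safeweb/safehttp"
	"github.com/google/go-safeweb/safehttp/defaults"
	"github.com/google/safehtml"
)

// TestDevMode serves one request through a mux built from the default
// configuration and checks two things: every cookie on the response carries
// the Secure attribute, and calling safehttp.UseLocalDev after the mux has
// served a request panics.
func TestDevMode(t *testing.T) {
	t.Run("can load in prod mode and can't change afterwards", func(t *testing.T) {
		const resp = "response"

		// The host name and XSRF key are fixed test fixtures.
		// A configuration error must stop the test: continuing with an
		// unusable config would hide the real failure behind later ones.
		cfg, err := defaults.ServeMuxConfig([]string{"test.host.example"}, "test-xsrf-key")
		if err != nil {
			t.Fatalf("defaults.ServeMuxConfig: got error %v", err)
		}
		mux := cfg.Mux()

		mux.Handle("/test", "GET", safehttp.HandlerFunc(func(w safehttp.ResponseWriter, r *safehttp.IncomingRequest) safehttp.Result {
			form, err := r.URL().Query()
			if err != nil {
				t.Errorf("Cannot parse GET form: %v", err)
			}
			if !form.Bool("test", false) {
				t.Error("test parameter, got false, want true")
			}
			// The cookie is created from a name and a value only; the
			// Secure attribute asserted below is not requested here.
			w.AddCookie(safehttp.NewCookie("test", "insecure"))
			return w.Write(safehtml.HTMLEscaped(resp))
		}))

		rec := httptest.NewRecorder()
		req := httptest.NewRequest("GET", "https://test.host.example/test?test=true", nil)
		mux.ServeHTTP(rec, req)

		// Take the recorded response once and release its body when done.
		res := rec.Result()
		defer res.Body.Close()

		if res.StatusCode != 200 {
			t.Errorf("Status: got %d, want 200", res.StatusCode)
		}
		got, err := ioutil.ReadAll(res.Body)
		if err != nil {
			t.Errorf("Read body: got %v", err)
		}
		if !bytes.Equal(got, []byte(resp)) {
			t.Errorf("body: got %q, want %q", got, resp)
		}

		// An empty cookie list would make the loop below pass vacuously,
		// so the presence of at least one cookie is checked first.
		cs := res.Cookies()
		if len(cs) == 0 {
			t.Errorf("got no cookies, wanted cookies")
		}
		for _, c := range cs {
			if !c.Secure {
				t.Errorf("got non-secure cookie %q, should have been secure", c.Raw)
			}
		}

		// Registered immediately before the call under test so that only a
		// panic raised by UseLocalDev is observed here.
		defer func() {
			if p := recover(); p == nil {
				t.Errorf("got no panic, wanted panic due to setting dev mode after running the framework")
			}
		}()
		safehttp.UseLocalDev()
	})
}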