(t *testing.T)
| 34 | } |
| 35 | |
| 36 | func TestSecureWithConfig(t *testing.T) { |
| 37 | e := echo.New() |
| 38 | h := func(c *echo.Context) error { |
| 39 | return c.String(http.StatusOK, "test") |
| 40 | } |
| 41 | |
| 42 | req := httptest.NewRequest(http.MethodGet, "/", nil) |
| 43 | req.Header.Set(echo.HeaderXForwardedProto, "https") |
| 44 | rec := httptest.NewRecorder() |
| 45 | c := e.NewContext(req, rec) |
| 46 | mw, err := SecureConfig{ |
| 47 | XSSProtection: "", |
| 48 | ContentTypeNosniff: "", |
| 49 | XFrameOptions: "", |
| 50 | HSTSMaxAge: 3600, |
| 51 | ContentSecurityPolicy: "default-src 'self'", |
| 52 | ReferrerPolicy: "origin", |
| 53 | }.ToMiddleware() |
| 54 | assert.NoError(t, err) |
| 55 | |
| 56 | err = mw(h)(c) |
| 57 | assert.NoError(t, err) |
| 58 | |
| 59 | assert.Equal(t, "", rec.Header().Get(echo.HeaderXXSSProtection)) |
| 60 | assert.Equal(t, "", rec.Header().Get(echo.HeaderXContentTypeOptions)) |
| 61 | assert.Equal(t, "", rec.Header().Get(echo.HeaderXFrameOptions)) |
| 62 | assert.Equal(t, "max-age=3600; includeSubdomains", rec.Header().Get(echo.HeaderStrictTransportSecurity)) |
| 63 | assert.Equal(t, "default-src 'self'", rec.Header().Get(echo.HeaderContentSecurityPolicy)) |
| 64 | assert.Equal(t, "", rec.Header().Get(echo.HeaderContentSecurityPolicyReportOnly)) |
| 65 | assert.Equal(t, "origin", rec.Header().Get(echo.HeaderReferrerPolicy)) |
| 66 | |
| 67 | } |
| 68 | |
| 69 | func TestSecureWithConfig_CSPReportOnly(t *testing.T) { |
| 70 | // Custom with CSPReportOnly flag |
nothing calls this directly
no test coverage detected
searching dependent graphs…