(t *testing.T)
| 122 | } |
| 123 | |
| 124 | func TestSecureWithConfig_HSTSExcludeSubdomains(t *testing.T) { |
| 125 | // Custom with CSPReportOnly flag |
| 126 | e := echo.New() |
| 127 | h := func(c *echo.Context) error { |
| 128 | return c.String(http.StatusOK, "test") |
| 129 | } |
| 130 | |
| 131 | req := httptest.NewRequest(http.MethodGet, "/", nil) |
| 132 | |
| 133 | // Custom, with preload option enabled and subdomains excluded |
| 134 | req.Header.Set(echo.HeaderXForwardedProto, "https") |
| 135 | rec := httptest.NewRecorder() |
| 136 | c := e.NewContext(req, rec) |
| 137 | |
| 138 | err := SecureWithConfig(SecureConfig{ |
| 139 | HSTSMaxAge: 3600, |
| 140 | HSTSPreloadEnabled: true, |
| 141 | HSTSExcludeSubdomains: true, |
| 142 | })(h)(c) |
| 143 | assert.NoError(t, err) |
| 144 | |
| 145 | assert.Equal(t, "max-age=3600; preload", rec.Header().Get(echo.HeaderStrictTransportSecurity)) |
| 146 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…