Meik/simple-mail-cleaner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
082dc5e1108d2e0df5100c70169182da688abfb0
simple-mail-cleaner/backend/node_modules/@fastify/swagger-ui/test/integration.test.js
Meik e280e4eadb Aktueller Stand
2026-01-22 19:05:45 +01:00

48 lines
1.5 KiB
JavaScript
Raw Blame History

'use strict'
const { test } = require('node:test')
const Fastify = require('fastify')
const fastifySwagger = require('@fastify/swagger')
const fastifyHelmet = require('@fastify/helmet')
const fastifySwaggerUi = require('../index')
const swaggerCSP = require('../static/csp.json')
test('fastify will response swagger csp', async (t) => {
t.plan(1)
const scriptCSP = swaggerCSP.script.length > 0 ? ` ${swaggerCSP.script.join(' ')}` : ''
const styleCSP = swaggerCSP.style.length > 0 ? ` ${swaggerCSP.style.join(' ')}` : ''
const csp = `default-src 'self';img-src 'self' data: validator.swagger.io;script-src 'self'${scriptCSP};style-src 'self' https:${styleCSP};base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
const fastify = Fastify()
await fastify.register(fastifySwagger)
await fastify.register(fastifySwaggerUi)
const scriptSrc = ["'self'"].concat(fastify.swaggerCSP.script)
const styleSrc = ["'self'", 'https:'].concat(fastify.swaggerCSP.style)
await fastify.register(fastifyHelmet, {
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
imgSrc: ["'self'", 'data:', 'validator.swagger.io'],
scriptSrc,
styleSrc
}
}
})
// route for testing CSP headers
fastify.get('/', (_req, reply) => {
reply.send({
foo: 'bar'
})
})
const res = await fastify.inject({
method: 'GET',
url: '/'
})
t.assert.deepStrictEqual(res.headers['content-security-policy'], csp)
})
Reference in New Issue View Git Blame Copy Permalink