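def test_CSP_pass(self):
    """Exercise the CSP policy helpers: update, rewrite and header creation.

    Four behaviours of ``CSP`` are pinned here:
      * ``update_policy`` merges a partial policy into the default policy,
        leaving directives the update does not mention untouched;
      * ``rewrite_policy`` replaces the default policy wholesale, so every
        directive absent from the new policy comes back empty;
      * ``create_header`` quotes CSP keyword sources on the wire
        (``none`` -> ``'none'``) and emits ``Content-Security-Policy``;
      * with ``report-only`` set, the same policy is emitted under
        ``Content-Security-Policy-Report-Only`` instead (violations are
        reported, not enforced).

    Uses ``assertEqual`` rather than the deprecated ``assertEquals`` alias,
    which no longer exists on Python 3.12+.
    """
    sh = Secure_Headers()
    default_csp = sh.defaultPolicies['CSP']

    # update: only script-src is overridden; default-src keeps its default
    # value and img-src stays empty.
    h = CSP({'script-src': ['self', 'code.jquery.com']}).update_policy(default_csp)
    self.assertHeaderEquals(h['script-src'], ['self', 'code.jquery.com'])
    self.assertEqual(h['default-src'], ['self'])
    self.assertEqual(h['img-src'], [])

    # rewrite: the new policy replaces the default entirely, so directives
    # not listed (script-src, report-uri) are empty afterwards.
    h = CSP({'default-src': ['none']}).rewrite_policy(default_csp)
    self.assertEqual(h['script-src'], [])
    self.assertEqual(h['default-src'], ['none'])
    self.assertEqual(h['report-uri'], [])

    # header creation: keyword sources must be single-quoted in the header
    # value, otherwise browsers treat them as host names.
    h = CSP({'default-src': ['none']}).create_header()
    self.assertEqual(h['Content-Security-Policy'], "default-src 'none'")

    # report-only: same policy text, different header name.
    h = CSP({'default-src': ['none'], 'report-only': True}).create_header()
    self.assertEqual(h['Content-Security-Policy-Report-Only'], "default-src 'none'")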
# Make sure .svg assets are served with the SVG MIME type rather than a
# fallback such as application/octet-stream.
mimetypes.add_type('image/svg+xml', '.svg')

# OpenID Connect login: build the OIDC settings, create the auth layer from
# them and attach it to the (presumably Flask) application object.
oidc_config = config.OIDCConfig()
authentication = auth.OpenIDConnect(oidc_config)
oidc = authentication.auth(app)

# Person API handle and the vanity-URL router; `setup()` is what installs
# the router on the app.  Order is kept as-is since both may register routes.
person_api = person.API()
vanity_router = vanity.Router(app=app).setup()

# Security headers (CSP etc.) to satisfy the observatory checks.
# NOTE(review): the CSP `script-src` list configured on this object below
# includes 'data:'.  A data: source in script-src lets any injected
# <script src="data:..."> run, which defeats most of the XSS protection the
# policy is meant to give; confirm it is really required and drop it if not.
sh = Secure_Headers()
sh.update(
    {
        'CSP': {
            'default-src': [
                'self',
            ],
            'script-src': [
                'self',
                'data:',
                'ajax.googleapis.com',
                'fonts.googleapis.com',
                'https://*.googletagmanager.com',
                'https://tagmanager.google.com',
                'https://*.google-analytics.com',
                'https://cdn.sso.mozilla.com',
 def setUp(self):
     self.app = Flask(__name__)
     self.sh = Secure_Headers()