/**
 * Requests a one-page application while a mock Content-Security-Policy is installed,
 * asserts the CSP directives found on the response, and returns the response's
 * X-FRAME-OPTIONS headers so the caller can check them.
 *
 * <p>Both {@code frame-ancestors} and X-FRAME-OPTIONS restrict who may frame the page;
 * this helper asserts only the former and leaves the latter to the caller.
 *
 * @param expectCspAncestors value the {@code frame-ancestors} directive is expected to have
 * @param ancestors values passed to the {@code MockCsp} constructor
 * @return the headers named X-FRAME-OPTIONS on the response
 * @throws Exception if building the application, performing the request, or reading the
 *         response fails
 */
private Header[] doSpecialCspTest(String expectCspAncestors, String... ancestors) throws Exception {
    ContentSecurityPolicy policy = new MockCsp(ancestors);
    MockConfigAdapter configAdapter = getMockConfigAdapter();
    try {
        configAdapter.setContentSecurityPolicy(policy);

        // The application under test declares isOnePageApp='true'.
        DefDescriptor<ApplicationDef> appDesc = addSourceAutoCleanup(
                ApplicationDef.class,
                "<aura:application isOnePageApp='true'></aura:application>");
        String appPath = String.format("/%s/%s.app", appDesc.getNamespace(), appDesc.getName());
        HttpGet request = obtainGetMethod(appPath);
        HttpResponse reply = perform(request);

        // Captured for the caller; this method makes no assertion on X-FRAME-OPTIONS itself.
        Header[] frameOptions = reply.getHeaders("X-FRAME-OPTIONS");

        // Expected directive values below presumably mirror what MockCsp serves -- confirm
        // against MockCsp if they change.
        Map<String, String> directives = getCSP(reply);
        assertEquals("frame-ancestors is wrong", expectCspAncestors, directives.get("frame-ancestors"));
        assertEquals("script-src is wrong", "'self'", directives.get("script-src"));
        assertEquals("style-src is wrong", "'self'", directives.get("style-src"));
        assertEquals("connect-src is wrong", "www.itrustu.com/ www.also.com/other",
                directives.get("connect-src"));
        assertEquals("font-src is wrong", "*", directives.get("font-src"));
        assertEquals("img-src is wrong", "*", directives.get("img-src"));
        assertEquals("object-src is wrong", "'none'", directives.get("object-src"));
        assertEquals("media-src is wrong", "*", directives.get("media-src"));
        assertEquals("default-src is wrong", "'self'", directives.get("default-src"));

        return frameOptions;
    } finally {
        // Always remove the mock policy and the service-locator mock, even when an
        // assertion fails, so the special CSP does not carry over into other tests.
        configAdapter.setContentSecurityPolicy(null);
        ServiceLocatorMocker.unmockServiceLocator();
    }
}