‪TYPO3CMS  10.4
ContentSecurityPolicyHeaderTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse;
19 
20 use PHPUnit\Framework\TestCase;
21 use ‪TYPO3\CMS\Install\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeader;
22 
23 class ‪ContentSecurityPolicyHeaderTest extends TestCase
24 {
25  public function ‪mitigatesCrossSiteScriptingDataProvider(): array
26  {
27  return [
28  '#1' => [
29  '',
30  false,
31  ],
32  '#2' => [
33  "default-src 'none'",
34  true,
35  ],
36  '#3' => [
37  "script-src 'none'",
38  false,
39  ],
40  '#4' => [
41  "style-src 'none'",
42  false,
43  ],
44  '#5' => [
45  "default-src 'none'; script-src 'none'",
46  true,
47  ],
48  '#6' => [
49  "default-src 'none'; style-src 'none'",
50  true,
51  ],
52  '#7' => [
53  "default-src 'none'; object-src 'none'",
54  true,
55  ],
56  '#8' => [
57  "default-src 'none'; script-src 'self'; style-src 'self'; object-src 'self'",
58  false,
59  ],
60  '#9' => [
61  "script-src 'none'; style-src 'none'; object-src 'none'",
62  true,
63  ],
64  '#10' => [
65  "default-src 'none'; script-src 'unsafe-eval'; style-src 'none'; object-src 'none'",
66  false,
67  ],
68  '#11' => [
69  "default-src 'none'; script-src 'unsafe-inline'; style-src 'none'; object-src 'none'",
70  false,
71  ],
72  ];
73  }
74 
82  public function ‪mitigatesCrossSiteScripting(string $header, bool $expectation)
83  {
84  $subject = new ‪ContentSecurityPolicyHeader($header);
85  self::assertSame($expectation, $subject->mitigatesCrossSiteScripting());
86  }
87 }
‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeaderTest
Definition: ContentSecurityPolicyHeaderTest.php:24
‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeaderTest\mitigatesCrossSiteScripting
‪mitigatesCrossSiteScripting(string $header, bool $expectation)
Definition: ContentSecurityPolicyHeaderTest.php:82
‪TYPO3\CMS\Install\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeader
Definition: ContentSecurityPolicyHeader.php:26
‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse
Definition: ContentSecurityPolicyHeaderTest.php:18
‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeaderTest\mitigatesCrossSiteScriptingDataProvider
‪mitigatesCrossSiteScriptingDataProvider()
Definition: ContentSecurityPolicyHeaderTest.php:25