TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-22 02:11:44 +03:00
Code Issues Projects Releases Wiki Activity
4dd1423026
Ghost/test/unit/web/admin/controller_spec.js

46 lines
1.4 KiB
JavaScript
Raw Normal View History

Added x-frame-options header to /ghost/ route (#10760) no issue - by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking - the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file Credits: Muhammad Fawwad Obaida
2019-05-28 11:04:48 +03:00
require('should');
const sinon = require('sinon');
const configUtils = require('../../../utils/configUtils');
Move tests from core to root (#11700) - move all test files from core/test to test/ - updated all imports and other references - all code inside of core/ is then application code - tests are correctly at the root level - consistent with other repos/projects Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-03-30 18:26:47 +03:00
const controller = require('../../../../core/server/web/admin/controller');
Added x-frame-options header to /ghost/ route (#10760) no issue - by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking - the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file Credits: Muhammad Fawwad Obaida
2019-05-28 11:04:48 +03:00
describe('Admin App', function () {
Updated tests eslint config to use eslint-plugin-ghost@0.5.0 no issue - bump eslint-plugin-ghost to v0.5.0 - update core/test eslint config to use "ghost:test" in place of custom ruleset - apply automated eslint fixes
2019-08-19 14:41:09 +03:00
describe('controller', function () {
Added x-frame-options header to /ghost/ route (#10760) no issue - by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking - the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file Credits: Muhammad Fawwad Obaida
2019-05-28 11:04:48 +03:00
const req = {};
let res;
beforeEach(function () {
res = {
sendFile: sinon.spy()
};
configUtils.restore();
});
afterEach(function () {
sinon.restore();
});
it('adds x-frame-options header when adminFrameProtection is enabled (default)', function () {
// default config: configUtils.set('adminFrameProtection', true);
controller(req, res);
res.sendFile.called.should.be.true();
res.sendFile.calledWith(
sinon.match.string,
sinon.match.hasNested('headers.X-Frame-Options', sinon.match('sameorigin'))
).should.be.true();
});
it('doesn\'t add x-frame-options header when adminFrameProtection is disabled', function () {
configUtils.set('adminFrameProtection', false);
controller(req, res);
res.sendFile.called.should.be.true();
res.sendFile.calledWith(
sinon.match.string,
sinon.match.hasNested('headers.X-Frame-Options')
).should.be.false();
});
Updated tests eslint config to use eslint-plugin-ghost@0.5.0 no issue - bump eslint-plugin-ghost to v0.5.0 - update core/test eslint config to use "ghost:test" in place of custom ruleset - apply automated eslint fixes
2019-08-19 14:41:09 +03:00
});
Added x-frame-options header to /ghost/ route (#10760) no issue - by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking - the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file Credits: Muhammad Fawwad Obaida
2019-05-28 11:04:48 +03:00
});
Reference in New Issue Copy Permalink