mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 18:31:57 +03:00
9e96b04542
- this is a small part of a bit of cleanup of our test files - the goal is to make the existing tests clearer with a view to making it easier to write more tests - this makes the test structure follow the codebase structure more closely - eventually we will colocate the tests as we break the codebase down further
require('should');
const sinon = require('sinon');
const configUtils = require('../../../../utils/configUtils');
const controller = require('../../../../../core/server/web/admin/controller');
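/**
 * Unit tests for the admin app controller's framing protection.
 *
 * The controller is invoked with a stub response whose `sendFile` is a spy.
 * Each case inspects the options object passed as the second argument to
 * `sendFile` and checks whether it carries an `X-Frame-Options` header,
 * depending on the `adminFrameProtection` config flag. That header is what
 * stops the admin UI from being embedded in a frame on another origin, so a
 * regression here would silently remove a clickjacking defence.
 */
describe('Admin App', function () {
    describe('controller', function () {
        const req = {};
        let res;

        beforeEach(function () {
            // Fresh spy per test so call records never carry over between cases.
            res = {
                sendFile: sinon.spy()
            };

            // Start from the default config; a leftover override would make the
            // "(default)" case below pass or fail for the wrong reason.
            configUtils.restore();
        });

        afterEach(function () {
            // Undo config overrides on the way out as well. The last case in this
            // suite disables adminFrameProtection; without this, that weakened
            // setting would remain in place for whichever suite runs next in the
            // same process.
            configUtils.restore();
            sinon.restore();
        });

        it('adds x-frame-options header when adminFrameProtection is enabled (default)', function () {
            // default config: configUtils.set('adminFrameProtection', true);
            controller(req, res);

            res.sendFile.called.should.be.true();

            // sinon.match(<string>) is a substring match, so this accepts any
            // header value that contains 'sameorigin'.
            const protectedOptions = sinon.match.hasNested('headers.X-Frame-Options', sinon.match('sameorigin'));
            res.sendFile.calledWith(sinon.match.string, protectedOptions).should.be.true();
        });

        it('doesn\'t add x-frame-options header when adminFrameProtection is disabled', function () {
            configUtils.set('adminFrameProtection', false);
            controller(req, res);

            res.sendFile.called.should.be.true();

            // hasNested with only a path asserts that the property exists, so
            // `.false()` means no call carried this exact key. The lookup is
            // case-sensitive: a differently cased header key would not be seen
            // by this assertion.
            const anyFrameHeader = sinon.match.hasNested('headers.X-Frame-Options');
            res.sendFile.calledWith(sinon.match.string, anyFrameHeader).should.be.false();
        });
    });
});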