

feat: add control for default enforcement (#49)
* feat: add a setting to control default enforcement

* fix: add missing parameters on Cross-Origin-Embedder-Policy
Jesse Anderson authored Feb 3, 2022
1 parent 985d7ca commit 5e3e481
Showing 18 changed files with 452 additions and 245 deletions.
51 changes: 30 additions & 21 deletions src/__tests__/headers/content-security-policy.ts
Expand Up @@ -2,20 +2,23 @@ import { fortifyHeaders } from '../..';

describe('Content-Security-Policy Tests', () => {
it('exercises full configuration options', () => {
const fortifiedHeaders = fortifyHeaders({
contentSecurityPolicy: {
defaultSrc: ["'self'", 'somedomain.com', '*.somedomain.com'],
baseUri: ["'self'"],
fontSrc: ["'self'", 'https:', 'data:'],
frameAncestors: ["'self'"],
imgSrc: ["'self'", 'data:'],
objectSrc: ["'none'"],
scriptSrc: ["'self'"],
scriptSrcAttr: ["'none'"],
styleSrc: ["'self'", 'https:', "'unsafe-inline'"],
upgradeInsecureRequests: true,
const fortifiedHeaders = fortifyHeaders(
{
contentSecurityPolicy: {
defaultSrc: ["'self'", 'somedomain.com', '*.somedomain.com'],
baseUri: ["'self'"],
fontSrc: ["'self'", 'https:', 'data:'],
frameAncestors: ["'self'"],
imgSrc: ["'self'", 'data:'],
objectSrc: ["'none'"],
scriptSrc: ["'self'"],
scriptSrcAttr: ["'none'"],
styleSrc: ["'self'", 'https:', "'unsafe-inline'"],
upgradeInsecureRequests: true,
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Content-Security-Policy':
Expand All @@ -24,9 +27,12 @@ describe('Content-Security-Policy Tests', () => {
});

it('returns defaults for Content-Security-Policy when nothing is specified', () => {
const fortifiedHeaders = fortifyHeaders({
contentSecurityPolicy: {},
});
const fortifiedHeaders = fortifyHeaders(
{
contentSecurityPolicy: {},
},
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Content-Security-Policy':
Expand All @@ -35,12 +41,15 @@ describe('Content-Security-Policy Tests', () => {
});

it('returns the header as specified', () => {
const fortifiedHeaders = fortifyHeaders({
contentSecurityPolicy: {
defaultSrc: ["'self'", 'https://'],
upgradeInsecureRequests: false,
const fortifiedHeaders = fortifyHeaders(
{
contentSecurityPolicy: {
defaultSrc: ["'self'", 'https://'],
upgradeInsecureRequests: false,
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Content-Security-Policy': "default-src 'self' https://",
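Review bot: The test titled 'returns defaults for Content-Security-Policy when nothing is specified' (second hunk) now passes `{ useDefaults: false }` yet still asserts the default policy, which reads as a contradiction to anyone skimming the file. If, as the sibling files suggest, `useDefaults` only governs whether headers that are not mentioned get emitted while a header given as `{}` still receives its own default, that distinction deserves a comment on the test, e.g. `// useDefaults:false suppresses unmentioned headers; an explicit {} still yields this header's default`. Separately, the fixture `defaultSrc: ["'self'", 'https://']` in the third hunk is not a valid CSP source expression (a scheme-source is `https:`, a host-source needs a host), so a browser would drop that source from the emitted `default-src 'self' https://` and log a policy warning; if the library does no validation, use `https:` in the fixture or add a test that such input is rejected. Each `it` block is fully visible, but the describe() continues past the last hunk.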
9 changes: 6 additions & 3 deletions src/__tests__/headers/cross-origin-embedder-policy.ts
Expand Up @@ -2,9 +2,12 @@ import { fortifyHeaders } from '../..';

describe('Cross-Origin-Embedder-Policy Tests', () => {
it('returns defaults for Cross-Origin-Embedder-Policy when nothing is specified', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginEmbedderPolicy: {},
});
const fortifiedHeaders = fortifyHeaders(
{
crossOriginEmbedderPolicy: {},
},
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Embedder-Policy': 'require-corp',
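Review bot: The commit message says it adds missing parameters for Cross-Origin-Embedder-Policy, but this file's only change is the reformat that adds `{ useDefaults: false }`; no test exercises the new parameters, so the header values they produce and any single-selection rule are unverified here. The parameter names are not visible in this diff, but the shape to follow is cross-origin-opener-policy.ts: one `it` per value asserting the exact header string, plus an 'enforces single-selection' case that sets two options and expects the throw. The describe() block continues past this hunk, but the diffstat (6 additions, 3 deletions) indicates nothing new was added to this file.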
55 changes: 35 additions & 20 deletions src/__tests__/headers/cross-origin-opener-policy.ts
Expand Up @@ -2,45 +2,57 @@ import { fortifyHeaders } from '../..';

describe('Cross-Origin-Opener-Policy Tests', () => {
it('returns defaults for Cross-Origin-Opener-Policy when nothing is specified', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginOpenerPolicy: {},
});
const fortifiedHeaders = fortifyHeaders(
{
crossOriginOpenerPolicy: {},
},
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Opener-Policy': 'same-origin',
});
});

it('returns same-origin', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginOpenerPolicy: {
sameOrigin: true,
const fortifiedHeaders = fortifyHeaders(
{
crossOriginOpenerPolicy: {
sameOrigin: true,
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Opener-Policy': 'same-origin',
});
});

it('returns same-origin-allow-popups', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginOpenerPolicy: {
sameOriginAllowPopups: true,
const fortifiedHeaders = fortifyHeaders(
{
crossOriginOpenerPolicy: {
sameOriginAllowPopups: true,
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Opener-Policy': 'same-origin-allow-popups',
});
});

it('returns unsafe-none', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginOpenerPolicy: {
unsafeNone: true,
const fortifiedHeaders = fortifyHeaders(
{
crossOriginOpenerPolicy: {
unsafeNone: true,
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Opener-Policy': 'unsafe-none',
Expand All @@ -49,12 +61,15 @@ describe('Cross-Origin-Opener-Policy Tests', () => {

it('enforces single-selection', () => {
expect(() =>
fortifyHeaders({
crossOriginOpenerPolicy: {
unsafeNone: true,
sameOriginAllowPopups: true,
fortifyHeaders(
{
crossOriginOpenerPolicy: {
unsafeNone: true,
sameOriginAllowPopups: true,
},
},
}),
{ useDefaults: false },
),
).toThrowErrorMatchingInlineSnapshot(
`"Cross-Origin-Opener-Policy only allows one selection. You can only specify one option for this header."`,
);
55 changes: 35 additions & 20 deletions src/__tests__/headers/cross-origin-resource-policy.ts
Expand Up @@ -2,45 +2,57 @@ import { fortifyHeaders } from '../..';

describe('Cross-Origin-Resource-Policy Tests', () => {
it('returns defaults for Cross-Origin-Resource-Policy when nothing is specified', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginResourcePolicy: {},
});
const fortifiedHeaders = fortifyHeaders(
{
crossOriginResourcePolicy: {},
},
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Resource-Policy': 'same-origin',
});
});

it('returns same-origin', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginResourcePolicy: {
sameOrigin: true,
const fortifiedHeaders = fortifyHeaders(
{
crossOriginResourcePolicy: {
sameOrigin: true,
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Resource-Policy': 'same-origin',
});
});

it('returns same-site', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginResourcePolicy: {
sameSite: true,
const fortifiedHeaders = fortifyHeaders(
{
crossOriginResourcePolicy: {
sameSite: true,
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Resource-Policy': 'same-site',
});
});

it('returns cross-origin', () => {
const fortifiedHeaders = fortifyHeaders({
crossOriginResourcePolicy: {
crossOrigin: true,
const fortifiedHeaders = fortifyHeaders(
{
crossOriginResourcePolicy: {
crossOrigin: true,
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Cross-Origin-Resource-Policy': 'cross-origin',
Expand All @@ -49,12 +61,15 @@ describe('Cross-Origin-Resource-Policy Tests', () => {

it('enforce single-selection', () => {
expect(() =>
fortifyHeaders({
crossOriginResourcePolicy: {
crossOrigin: true,
sameSite: true,
fortifyHeaders(
{
crossOriginResourcePolicy: {
crossOrigin: true,
sameSite: true,
},
},
}),
{ useDefaults: false },
),
).toThrowErrorMatchingInlineSnapshot(
`"Cross-Origin-Resource-Policy only allows one selection. You can only specify one option for this header."`,
);
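Review bot: The test name `'enforce single-selection'` in the last hunk differs from the otherwise line-for-line identical test in cross-origin-opener-policy.ts, which is titled `'enforces single-selection'`; since the two files mirror each other, use the same wording, `it('enforces single-selection', () => {`, so a grep for the rule finds both. The describe() block continues past this hunk.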
24 changes: 15 additions & 9 deletions src/__tests__/headers/expect-ct.ts
Expand Up @@ -2,23 +2,29 @@ import { fortifyHeaders } from '../..';

describe('Expect-Ct Tests', () => {
it('returns defaults for Expect-CT when nothing is specified', () => {
const fortifiedHeaders = fortifyHeaders({
expectCt: {},
});
const fortifiedHeaders = fortifyHeaders(
{
expectCt: {},
},
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Expect-Ct': 'max-age=0',
});
});

it('exercise full configuration', () => {
const fortifiedHeaders = fortifyHeaders({
expectCt: {
enforce: true,
maxAge: 1000,
reportUri: 'report-endpoint/',
const fortifiedHeaders = fortifyHeaders(
{
expectCt: {
enforce: true,
maxAge: 1000,
reportUri: 'report-endpoint/',
},
},
});
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Expect-Ct': 'enforce; max-age=1000; report-uri=report-endpoint/',
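Review bot: The expected value `'enforce; max-age=1000; report-uri=report-endpoint/'` in the 'exercise full configuration' test pins a serialization that does not match the Expect-CT grammar: RFC 9163 defines the field as a comma-separated directive list with `report-uri` carrying a quoted absolute URI, i.e. `enforce, max-age=1000, report-uri="https://example.com/report-endpoint/"`. If the serializer really emits semicolons and an unquoted relative value, a conforming user agent may fail to parse the header and `enforce` silently does nothing, so this test would be locking in a defect rather than guarding against one; check the implementation and, if it matches this expectation, fix both together. Expect-CT has also since been deprecated (Chromium removed support), so a comment on the describe such as `// Expect-CT is deprecated; retained for compatibility only` would help readers weigh how much to invest here. The describe() block ends past this hunk.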
27 changes: 18 additions & 9 deletions src/__tests__/headers/origin-agent-cluster.ts
Expand Up @@ -2,29 +2,38 @@ import { fortifyHeaders } from '../..';

describe('Origin-Agent-Cluster Tests', () => {
it('returns defaults for Origin-Agent-Cluster when nothing is specified', () => {
const fortifiedHeaders = fortifyHeaders({
originAgentCluster: {},
});
const fortifiedHeaders = fortifyHeaders(
{
originAgentCluster: {},
},
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Origin-Agent-Cluster': '?1',
});
});

it('returns defaults for Origin-Agent-Cluster when nothing is specified', () => {
const fortifiedHeaders = fortifyHeaders({
originAgentCluster: { enable: true },
});
const fortifiedHeaders = fortifyHeaders(
{
originAgentCluster: { enable: true },
},
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Origin-Agent-Cluster': '?1',
});
});

it('returns defaults for Origin-Agent-Cluster when enabled is set to false', () => {
const fortifiedHeaders = fortifyHeaders({
originAgentCluster: { enable: false },
});
const fortifiedHeaders = fortifyHeaders(
{
originAgentCluster: { enable: false },
},
{ useDefaults: false },
);

expect(fortifiedHeaders).toEqual({
'Origin-Agent-Cluster': '?0',
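Review bot: Two tests in this hunk share the title 'returns defaults for Origin-Agent-Cluster when nothing is specified' although the second passes `{ enable: true }`, and the third is titled 'returns defaults … when enabled is set to false' although it asserts `?0`, which is not the default; duplicate and misleading titles make a failure report ambiguous. Rename them to what they check: `it('returns ?1 when enable is true', () => {` and `it('returns ?0 when enable is false', () => {`. The describe() block continues past this hunk.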

