http security: allow referrer-policy to be configured

author: William Pitcock <nenolod@dereferenced.org> 2018-11-12 15:14:46 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2018-11-12 15:14:46 +0000
commit: ee5932a504d69e591aad7bdd52bd97d1f92d4e32 (patch)
tree: 44cb9351158409d4e53ee774e77bf04450b6bdca /test
parent: fe67665e19cc98faff4a8ee53a3f4ca4190ca2ef (diff)
download: pleroma-ee5932a504d69e591aad7bdd52bd97d1f92d4e32.tar.gz
pleroma-ee5932a504d69e591aad7bdd52bd97d1f92d4e32.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/test/plugs/http_security_plug_test.exs b/test/plugs/http_security_plug_test.exs
index 5268a1972..55040a108 100644
--- a/test/plugs/http_security_plug_test.exs
+++ b/test/plugs/http_security_plug_test.exs
@@ -58,4 +58,20 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
     assert Conn.get_resp_header(conn, "strict-transport-security") == []
     assert Conn.get_resp_header(conn, "expect-ct") == []
   end
+
+  test "referrer-policy header reflects configured value", %{conn: conn} do
+    conn =
+      conn
+      |> get("/api/v1/instance")
+
+    assert Conn.get_resp_header(conn, "referrer-policy") == ["same-origin"]
+
+    Config.put([:http_security, :referrer_policy], "no-referrer")
+
+    conn =
+      build_conn()
+      |> get("/api/v1/instance")
+
+    assert Conn.get_resp_header(conn, "referrer-policy") == ["no-referrer"]
+  end
 end
author	William Pitcock <nenolod@dereferenced.org>	2018-11-12 15:14:46 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2018-11-12 15:14:46 +0000
commit	ee5932a504d69e591aad7bdd52bd97d1f92d4e32 (patch)
tree	44cb9351158409d4e53ee774e77bf04450b6bdca /test
parent	fe67665e19cc98faff4a8ee53a3f4ca4190ca2ef (diff)
download	pleroma-ee5932a504d69e591aad7bdd52bd97d1f92d4e32.tar.gz pleroma-ee5932a504d69e591aad7bdd52bd97d1f92d4e32.zip