author | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2023-05-26 17:12:18 +0000 |
---|---|---|
committer | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2023-05-26 19:24:08 +0200 |
commit | b36263e5ffd0d89d819b01478f19891b14740bb0 (patch) | |
tree | d3096c13863248b1a13af42ecbf58855c7b95abf /test | |
parent | 4339230f64b05fee1c4d7313c1dc9adc45827a5d (diff) | |
Merge branch 'issue/3126' into 'develop'
MediaProxyController: Apply CSP sandbox
See merge request pleroma/pleroma!3890
Diffstat (limited to 'test')
-rw-r--r-- | test/pleroma/web/media_proxy/media_proxy_controller_test.exs | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/test/pleroma/web/media_proxy/media_proxy_controller_test.exs b/test/pleroma/web/media_proxy/media_proxy_controller_test.exs
index 5246bf0c4..9ce092fd8 100644
--- a/test/pleroma/web/media_proxy/media_proxy_controller_test.exs
+++ b/test/pleroma/web/media_proxy/media_proxy_controller_test.exs
@@ -6,7 +6,9 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do
 use Pleroma.Web.ConnCase
 import Mock
+ import Mox
+ alias Pleroma.ReverseProxy.ClientMock
 alias Pleroma.Web.MediaProxy
 alias Plug.Conn
@@ -74,6 +76,20 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do
 assert %Conn{status: 404, resp_body: "Not Found"} = get(conn, url)
 end
 end
+
+ test "it applies sandbox CSP to MediaProxy requests", %{conn: conn} do
+ media_url = "https://lain.com/image.png"
+ media_proxy_url = MediaProxy.encode_url(media_url)
+
+ ClientMock
+ |> expect(:request, fn :get, ^media_url, _, _, _ ->
+ {:ok, 200, [{"content-type", "image/png"}]}
+ end)
+
+ %Conn{resp_headers: headers} = get(conn, media_proxy_url)
+
+ assert {"content-security-policy", "sandbox;"} in headers
+ end
 end
 describe "Media Preview Proxy" do |
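Review bot: The new test pins the sandbox header only for the plain proxy route with an `image/png` upstream response, so a regression on the preview route (the `describe "Media Preview Proxy"` block that begins right after this hunk) would go unnoticed. The controller change is not visible in this test-only diff; if it is meant to cover previews too, a sibling test there with the same assertion, `assert {"content-security-policy", "sandbox;"} in headers`, would hold that in place. The `expect/3` call is also only enforced if the case template or a `setup :verify_on_exit!` verifies Mox expectations, which cannot be seen from this hunk. The enclosing `describe` block starts outside the hunk.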