Skip to content

Commit

Permalink
Merge pull request #213 from trijpstra-fourlights/chore/1.0.0-rc.1
Browse files Browse the repository at this point in the history
  • Loading branch information
Baroshem authored Sep 21, 2023
2 parents 75b4184 + dfacfd1 commit 006e87c
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 23 deletions.
13 changes: 0 additions & 13 deletions test/fixtures/nonce/pages/with-inline-script.vue

This file was deleted.

11 changes: 1 addition & 10 deletions test/nonce.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ describe('[nuxt-security] Nonce', async () => {
rootDir: fileURLToPath(new URL('./fixtures/nonce', import.meta.url))
})

const expectedNonceElements = 7 // 1 from app.vue/useHead, 6 for nuxt
const expectedNonceElements = 8 // 1 from app.vue/useHead, 6 for nuxt, 1 for plugin vue export helper

it('injects `nonce` attribute in response', async () => {
const res = await fetch('/')
Expand Down Expand Up @@ -64,15 +64,6 @@ describe('[nuxt-security] Nonce', async () => {
expect(cspHeaderValue).toBe("base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src-attr 'self' 'strict-dynamic'; style-src 'self' ; upgrade-insecure-requests; script-src 'self' 'strict-dynamic'")
})

it('does not add nonce to literal strings', async () => {
const res = await fetch('/with-inline-script')

const text = await res.text()
const untouchedLiteral = text.includes('var inlineLiteral = \'<script>console.log("example")\'')

expect(untouchedLiteral).toBe(true)
})

it('injects `nonce` attribute in style tags', async () => {
const res = await fetch('/with-styling')

Expand Down

0 comments on commit 006e87c

Please sign in to comment.