Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: e2e tests for autoCsp #28701

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

aaronshim
Copy link
Contributor

PR Checklist

Please check to confirm your PR fulfills the following requirements:

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe: E2E tests

What is the current behavior?

No e2e tests for #28663

Issue Number: N/A

What is the new behavior?

e2e tests for #28663

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

Copy link
Collaborator

@dgp1130 dgp1130 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few minor suggestions, hopefully @clydin can take a quick look once he's back just to make sure we're restricting the test to esbuild correctly.

tests/legacy-cli/e2e/tests/build/auto-csp.ts Show resolved Hide resolved
tests/legacy-cli/e2e/tests/build/auto-csp.ts Show resolved Hide resolved
import { updateJsonFile, updateServerFileForWebpack, useSha } from '../../utils/project';

const MULTI_HASH_CSP =
/script-src 'strict-dynamic' (?:'sha256-[^']+' )+https: 'unsafe-inline';object-src 'none';base-uri 'self';/;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At this level of abstraction I wouldn't assert on the policy this precisely, that's more of a unit test level assertion. Instead I'd just check:

  1. That a CSP policy was added (regex match for <meta http-equiv="Content-Security-Policy"), don't care what the policy is.
  2. That the browser did not error from that policy.

Optionally it might also be good to verify that the scripts actually executed (maybe just check that they printed to the console?). That way we know we aren't asserting too soon before the scripts have been checked, I think there's a low risk of a false positive there though, so probably not too important.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think verifying that there are no errors should cover the script execution cases but to ensure i think it would be good to check the console output for the added script logging (Inline Script...) cases as well.

@dgp1130 dgp1130 requested a review from clydin October 24, 2024 00:35
@dgp1130 dgp1130 added action: review The PR is still awaiting reviews from at least one requested reviewer target: rc This PR is targeted for the next release-candidate labels Oct 24, 2024
tests/legacy-cli/e2e/tests/build/auto-csp.ts Show resolved Hide resolved
import { updateJsonFile, updateServerFileForWebpack, useSha } from '../../utils/project';

const MULTI_HASH_CSP =
/script-src 'strict-dynamic' (?:'sha256-[^']+' )+https: 'unsafe-inline';object-src 'none';base-uri 'self';/;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think verifying that there are no errors should cover the script execution cases but to ensure i think it would be good to check the console output for the added script logging (Inline Script...) cases as well.

@alan-agius4 alan-agius4 added this to the v19 Candidates milestone Oct 30, 2024
@alan-agius4 alan-agius4 added action: cleanup The PR is in need of cleanup, either due to needing a rebase or in response to comments from reviews and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Nov 5, 2024
@jkrems jkrems removed this from the v19 Candidates milestone Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
action: cleanup The PR is in need of cleanup, either due to needing a rebase or in response to comments from reviews target: rc This PR is targeted for the next release-candidate
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants