agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-23 17:19:37 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8644e239c6392ef081bd862d3a05abe2dae5b58d
overleaf-cep/services/web/test/unit/src/infrastructure/HTTPPermissionsPolicyTests.js
roo hutton 8644e239c6 Merge pull request #17596 from overleaf/rh-permissions-policy 
[web] Add Permissions-Policy header

GitOrigin-RevId: 8934bbbda411102580d9ef8af135dcdc147627f9
2024-04-08 08:04:29 +00:00

109 lines
3.5 KiB
JavaScript
Raw Blame History

const { expect } = require('chai')
const sinon = require('sinon')
const modulePath = '../../../../app/src/infrastructure/HttpPermissionsPolicy.js'
const SandboxedModule = require('sandboxed-module')
const HttpPermissionsPolicyMiddleware = require('../../../../app/src/infrastructure/HttpPermissionsPolicy')
const MockRequest = require('../helpers/MockRequest')
const MockResponse = require('../helpers/MockResponse')
describe('HttpPermissionsPolicy', function () {
this.beforeEach(function () {
this.next = sinon.stub()
this.HttpPermissionsPolicy = SandboxedModule.require(modulePath, {})
this.path = '/foo/bar'
this.req = new MockRequest()
return (this.res = new MockResponse())
})
describe('when a single blocked policy element is provided', function () {
it('returns a valid header string', function () {
const policy = {
blocked: ['accelerometer'],
}
const httpPermissionsMiddleware = new HttpPermissionsPolicyMiddleware(
policy
)
return expect(httpPermissionsMiddleware.policy).to.equal(
'accelerometer=()'
)
})
})
describe('when a single allowed policy element is provided', function () {
it('returns a valid header string', function () {
const policy = {
allowed: { camera: 'self' },
}
const httpPermissionsMiddleware = new HttpPermissionsPolicyMiddleware(
policy
)
return expect(httpPermissionsMiddleware.policy).to.equal('camera=(self)')
})
})
describe('when a full policy is provided', function () {
it('returns a valid header string', function () {
const policy = {
blocked: ['usb', 'hid'],
allowed: { camera: 'self https://example.com', fullscreen: 'self' },
}
const httpPermissionsMiddleware = new HttpPermissionsPolicyMiddleware(
policy
)
return expect(httpPermissionsMiddleware.policy).to.equal(
'usb=(), hid=(), camera=(self https://example.com), fullscreen=(self)'
)
})
})
describe('when a conflicting policy is provided', function () {
it('returns an error', function () {
const policy = {
blocked: ['usb'],
allowed: { usb: 'self' },
}
return expect(() => new HttpPermissionsPolicyMiddleware(policy)).to.throw(
'Invalid Permissions-Policy header configuration'
)
})
})
describe('when the allowlist contains an incomplete directive', function () {
it('returns an error', function () {
const policy = {
blocked: ['usb'],
allowed: { camera: '' },
}
return expect(() => new HttpPermissionsPolicyMiddleware(policy)).to.throw(
'Invalid Permissions-Policy header configuration'
)
})
})
describe('when an empty denylist is provided', function () {
it('returns a valid header string ', function () {
const policy = {
allowed: { camera: 'self' },
blocked: [],
}
const httpPermissionsMiddleware = new HttpPermissionsPolicyMiddleware(
policy
)
return expect(httpPermissionsMiddleware.policy).to.equal('camera=(self)')
})
})
describe('when an empty allowlist is provided', function () {
it('returns a valid header string ', function () {
const policy = {
allowed: {},
blocked: ['usb'],
}
const httpPermissionsMiddleware = new HttpPermissionsPolicyMiddleware(
policy
)
return expect(httpPermissionsMiddleware.policy).to.equal('usb=()')
})
})
})
Reference in New Issue View Git Blame Copy Permalink