kink-discovery / tests /test_coep_headers.py
Perplexed7675's picture
Sync from kink_cli (Docker Space)
6ff91d6 verified
Raw
History Blame Contribute Delete
989 Bytes
"""Security headers: COEP choice must allow typical catalog image embedding."""
from __future__ import annotations
import importlib
import sys
from pathlib import Path
import pytest
from fastapi.testclient import TestClient
from backend.core import Backend
def test_cross_origin_embedder_policy_is_credentialless(monkeypatch: pytest.MonkeyPatch, tmp_path: Path) -> None:
"""Credentialless avoids blocking cross-origin <img> from HTTPS CDNs under COEP (see api middleware)."""
db = tmp_path / "coep_header.db"
monkeypatch.setenv("KINK_STORE_PATH", str(db))
monkeypatch.setenv("KINK_SKIP_HEAVY_WARM", "1")
monkeypatch.setenv("KINK_HF_REQUIRE_FULL_CATALOG", "0")
Backend(db)
sys.modules.pop("api", None)
api_mod = importlib.import_module("api")
api_mod._backend_impl = None
client = TestClient(api_mod.app)
r = client.get("/health")
assert r.status_code == 200
assert r.headers.get("Cross-Origin-Embedder-Policy") == "credentialless"