import os
from fastapi.testclient import TestClient
from tensorus.api import app


def test_security_headers_default(monkeypatch):
    """With no operator override, the app must emit its built-in defaults.

    Both variables are removed (not merely blanked) so the run covers the
    path where no configuration exists at all.
    """
    for var in ("TENSORUS_X_FRAME_OPTIONS", "TENSORUS_CONTENT_SECURITY_POLICY"):
        monkeypatch.delenv(var, raising=False)
    # Context-manager form so any app startup hooks run before the request.
    with TestClient(app) as client:
        headers = client.get("/").headers
    # NOTE(review): only "/" is exercised; whether error responses (e.g. a 404)
    # carry the same headers is not covered here — worth confirming separately.
    assert headers.get("X-Frame-Options") == "SAMEORIGIN"
    assert headers.get("Content-Security-Policy") == "default-src 'self'"


def test_security_headers_custom(monkeypatch):
    """Operator-supplied header values are passed through verbatim.

    The X-Frame-Options value uses the obsolete ``ALLOW-FROM`` form (modern
    browsers ignore it; CSP ``frame-ancestors`` replaced it), so this only
    proves passthrough of an arbitrary string, not that the value is a
    sensible production setting.
    """
    expected = {
        "X-Frame-Options": "ALLOW-FROM https://example.com",
        "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com",
    }
    monkeypatch.setenv("TENSORUS_X_FRAME_OPTIONS", expected["X-Frame-Options"])
    monkeypatch.setenv("TENSORUS_CONTENT_SECURITY_POLICY", expected["Content-Security-Policy"])
    with TestClient(app) as client:
        resp = client.get("/")
    # Indexing (not .get) so a missing header fails loudly with the header name.
    for name, value in expected.items():
        assert resp.headers[name] == value


def test_security_headers_omitted(monkeypatch):
    """Each header has an opt-out sentinel that suppresses it entirely.

    The two sentinels differ: X-Frame-Options is disabled with the literal
    ``NONE``, Content-Security-Policy with an empty string.
    """
    monkeypatch.setenv("TENSORUS_X_FRAME_OPTIONS", "NONE")
    monkeypatch.setenv("TENSORUS_CONTENT_SECURITY_POLICY", "")
    with TestClient(app) as client:
        resp = client.get("/")
    # Absence is asserted, not an empty value: an empty CSP header is still a
    # header and would be a different (and surprising) outcome.
    for name in ("X-Frame-Options", "Content-Security-Policy"):
        assert name not in resp.headers