Git-Mirrors/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-05-07 17:05:16 -04:00
Code Issues Projects Releases Packages Wiki Activity

Support sending a custom Content-Security-Policy header in Website mode

Browse source
This commit is contained in:
Miguel Jacq 2021-11-08 16:31:05 +11:00
parent 5346278ad3
commit ff45a5c76b
6 changed files with 103 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

18
desktop/tests/test_gui_website.py
View file

@ -22,8 +22,10 @@ class TestWebsite(GuiBaseTest):
QtTest.QTest.qWait(500, self.gui.qtapp)
if tab.settings.get("website", "disable_csp"):
self.assertFalse("Content-Security-Policy" in r.headers)
elif tab.settings.get("website", "custom_csp"):
self.assertEqual(tab.settings.get("website", "custom_csp"), r.headers["Content-Security-Policy"])
else:
self.assertTrue("Content-Security-Policy" in r.headers)
self.assertEqual("default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; img-src 'self' data:;", r.headers["Content-Security-Policy"])
def run_all_website_mode_setup_tests(self, tab):
"""Tests in website mode prior to starting a share"""
@ -77,12 +79,24 @@ class TestWebsite(GuiBaseTest):
self.run_all_website_mode_download_tests(tab)
self.close_all_tabs()
def test_csp_enabled(self):
def test_csp_disabled(self):
"""
Test disabling CSP
"""
tab = self.new_website_tab()
tab.get_mode().disable_csp_checkbox.click()
self.assertFalse(tab.get_mode().custom_csp_checkbox.isEnabled())
self.run_all_website_mode_download_tests(tab)
self.close_all_tabs()
def test_csp_custom(self):
"""
Test a custom CSP
"""
tab = self.new_website_tab()
tab.get_mode().custom_csp_checkbox.click()
self.assertFalse(tab.get_mode().disable_csp_checkbox.isEnabled())
tab.settings.set("website", "custom_csp", "default-src 'self'")
self.run_all_website_mode_download_tests(tab)
self.close_all_tabs()