raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-27 01:43:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tidy up embedding specs

Browse Source
This commit is contained in:
Matt-Yorkley
2021-12-25 15:53:21 +00:00
parent d691940623
commit accb9228ee
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
spec/requests/embedded_shopfronts_headers_spec.rb
View File

@@ -17,11 +17,11 @@ describe "setting response headers for embedded shopfronts", type: :request do
Spree::Config[:enable_embedded_shopfronts] = false
end
it "disables iframes by default" do
it "disables external embedding by default" do
get shops_path
expect(response.status).to be 200
expect(response.headers['X-Frame-Options']).to be_nil
expect(response.headers['Content-Security-Policy']).to include "frame-ancestors 'none'"
expect(response.headers['Content-Security-Policy']).to include "frame-ancestors 'self' ;"
end
end
@@ -35,10 +35,10 @@ describe "setting response headers for embedded shopfronts", type: :request do
Spree::Config[:embedded_shopfronts_whitelist] = ""
end
it "disables iframes" do
it "disables external embedding" do
get shops_path
expect(response.status).to be 200
expect(response.headers['Content-Security-Policy']).to include "frame-ancestors 'none'"
expect(response.headers['Content-Security-Policy']).to include "frame-ancestors 'self' ;"
end
end
@@ -52,8 +52,10 @@ describe "setting response headers for embedded shopfronts", type: :request do
get enterprise_shop_path(enterprise) + '?embedded_shopfront=true'
expect(response.status).to be 200
expect(response.headers['Content-Security-Policy']).to include "frame-ancestors external-site.com"
expect(response.headers['Content-Security-Policy']).to include "frame-ancestors 'self' external-site.com"
end
it "doesn't allow iframes on other pages" do
get spree.admin_dashboard_path
expect(response.status).to be 200
@@ -71,7 +73,7 @@ describe "setting response headers for embedded shopfronts", type: :request do
get enterprise_shop_path(enterprise) + '?embedded_shopfront=true'
expect(response.status).to be 200
expect(response.headers['Content-Security-Policy']).to include "frame-ancestors www.external-site.com"
expect(response.headers['Content-Security-Policy']).to include "frame-ancestors 'self' www.external-site.com"
end
end
end