Invert the CSP header setting and put it in its own Website Mode settings group. Make the CSP header mandatory for share/receive modes, optional for website mode only.

4 files changed, 8 insertions, 8 deletions

diff --git a/tests/GuiWebsiteTest.py b/tests/GuiWebsiteTest.py
index f58f4aa2..798c619a 100644
--- a/tests/GuiWebsiteTest.py
+++ b/tests/GuiWebsiteTest.py
@@ -65,7 +65,7 @@ class GuiWebsiteTest(GuiShareTest):
         QtTest.QTest.qWait(2000)
         self.assertTrue('This is a test website hosted by OnionShare' in r.text)
 
-    def check_csp_header(self, public_mode, csp_header_enabled):
+    def check_csp_header(self, public_mode, csp_header_disabled):
         '''Test that the CSP header is present when enabled or vice versa'''
         url = "http://127.0.0.1:{}/".format(self.gui.app.port)
         if public_mode:
@@ -74,10 +74,10 @@ class GuiWebsiteTest(GuiShareTest):
             r = requests.get(url, auth=requests.auth.HTTPBasicAuth('onionshare', self.gui.website_mode.server_status.web.password))
 
         QtTest.QTest.qWait(2000)
-        if csp_header_enabled:
-            self.assertTrue('Content-Security-Policy' in r.headers)
-        else:
+        if csp_header_disabled:
             self.assertFalse('Content-Security-Policy' in r.headers)
+        else:
+            self.assertTrue('Content-Security-Policy' in r.headers)
 
     def run_all_website_mode_setup_tests(self):
         """Tests in website mode prior to starting a share"""
@@ -106,7 +106,7 @@ class GuiWebsiteTest(GuiShareTest):
         self.run_all_website_mode_setup_tests()
         self.run_all_website_mode_started_tests(public_mode, startup_time=2000)
         self.view_website(public_mode)
-        self.check_csp_header(public_mode, self.gui.common.settings.get('csp_header_enabled'))
+        self.check_csp_header(public_mode, self.gui.common.settings.get('csp_header_disabled'))
         self.history_widgets_present(self.gui.website_mode)
         self.server_is_stopped(self.gui.website_mode, False)
         self.web_server_is_stopped()
diff --git a/tests/local_onionshare_website_mode_csp_enabled_test.py b/tests/local_onionshare_website_mode_csp_enabled_test.py
index 3cf79440..fbdc07ea 100644
--- a/tests/local_onionshare_website_mode_csp_enabled_test.py
+++ b/tests/local_onionshare_website_mode_csp_enabled_test.py
@@ -8,7 +8,7 @@ class LocalWebsiteModeCSPEnabledTest(unittest.TestCase, GuiWebsiteTest):
     @classmethod
     def setUpClass(cls):
         test_settings = {
-            "csp_header_enabled": True,
+            "csp_header_disabled": False,
         }
         cls.gui = GuiWebsiteTest.set_up(test_settings)
 
diff --git a/tests/local_onionshare_website_mode_test.py b/tests/local_onionshare_website_mode_test.py
index 5a7334a4..fc560f70 100644
--- a/tests/local_onionshare_website_mode_test.py
+++ b/tests/local_onionshare_website_mode_test.py
@@ -8,7 +8,7 @@ class LocalWebsiteModeTest(unittest.TestCase, GuiWebsiteTest):
     @classmethod
     def setUpClass(cls):
         test_settings = {
-            "csp_header_enabled": False
+            "csp_header_disabled": True
         }
         cls.gui = GuiWebsiteTest.set_up(test_settings)
 
diff --git a/tests/test_onionshare_settings.py b/tests/test_onionshare_settings.py
index d46c599b..12200b70 100644
--- a/tests/test_onionshare_settings.py
+++ b/tests/test_onionshare_settings.py
@@ -67,7 +67,7 @@ class TestSettings:
             'hidservauth_string': '',
             'data_dir': os.path.expanduser('~/OnionShare'),
             'public_mode': False,
-            'csp_header_enabled': True
+            'csp_header_disabled': False
         }
         for key in settings_obj._settings:
             # Skip locale, it will not always default to the same thing