diff options
author | Miguel Jacq <mig@mig5.net> | 2019-09-16 12:10:17 +1000 |
---|---|---|
committer | Miguel Jacq <mig@mig5.net> | 2019-09-16 12:10:17 +1000 |
commit | 2524ddaf9485e484c87f2cea51414fc0d362187b (patch) | |
tree | d120ce70a6d987bc4bfcf137bd004ed58f34b40b /tests | |
parent | 957d3e9c6d424fdfc394bef529b87f52e16f371f (diff) | |
download | onionshare-2524ddaf9485e484c87f2cea51414fc0d362187b.tar.gz onionshare-2524ddaf9485e484c87f2cea51414fc0d362187b.zip |
Make setting the Content-Security-Policy header optional so it doesn't break website mode shares
Diffstat (limited to 'tests')
-rw-r--r-- | tests/GuiWebsiteTest.py | 15 | ||||
-rw-r--r-- | tests/local_onionshare_website_mode_csp_enabled_test.py | 26 | ||||
-rw-r--r-- | tests/local_onionshare_website_mode_test.py | 1 | ||||
-rw-r--r-- | tests/test_onionshare_settings.py | 3 |
4 files changed, 44 insertions, 1 deletions
diff --git a/tests/GuiWebsiteTest.py b/tests/GuiWebsiteTest.py index 7b88bfdf..f58f4aa2 100644 --- a/tests/GuiWebsiteTest.py +++ b/tests/GuiWebsiteTest.py @@ -65,6 +65,20 @@ class GuiWebsiteTest(GuiShareTest): QtTest.QTest.qWait(2000) self.assertTrue('This is a test website hosted by OnionShare' in r.text) + def check_csp_header(self, public_mode, csp_header_enabled): + '''Test that the CSP header is present when enabled or vice versa''' + url = "http://127.0.0.1:{}/".format(self.gui.app.port) + if public_mode: + r = requests.get(url) + else: + r = requests.get(url, auth=requests.auth.HTTPBasicAuth('onionshare', self.gui.website_mode.server_status.web.password)) + + QtTest.QTest.qWait(2000) + if csp_header_enabled: + self.assertTrue('Content-Security-Policy' in r.headers) + else: + self.assertFalse('Content-Security-Policy' in r.headers) + def run_all_website_mode_setup_tests(self): """Tests in website mode prior to starting a share""" self.click_mode(self.gui.website_mode) @@ -92,6 +106,7 @@ class GuiWebsiteTest(GuiShareTest): self.run_all_website_mode_setup_tests() self.run_all_website_mode_started_tests(public_mode, startup_time=2000) self.view_website(public_mode) + self.check_csp_header(public_mode, self.gui.common.settings.get('csp_header_enabled')) self.history_widgets_present(self.gui.website_mode) self.server_is_stopped(self.gui.website_mode, False) self.web_server_is_stopped() diff --git a/tests/local_onionshare_website_mode_csp_enabled_test.py b/tests/local_onionshare_website_mode_csp_enabled_test.py new file mode 100644 index 00000000..3cf79440 --- /dev/null +++ b/tests/local_onionshare_website_mode_csp_enabled_test.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python3 +import pytest +import unittest + +from .GuiWebsiteTest import GuiWebsiteTest + +class LocalWebsiteModeCSPEnabledTest(unittest.TestCase, GuiWebsiteTest): + @classmethod + def setUpClass(cls): + test_settings = { + "csp_header_enabled": True, + } + cls.gui = GuiWebsiteTest.set_up(test_settings) + + @classmethod + def tearDownClass(cls): + GuiWebsiteTest.tear_down() + + @pytest.mark.gui + @pytest.mark.skipif(pytest.__version__ < '2.9', reason="requires newer pytest") + def test_gui(self): + #self.run_all_common_setup_tests() + self.run_all_website_mode_download_tests(False) + +if __name__ == "__main__": + unittest.main() diff --git a/tests/local_onionshare_website_mode_test.py b/tests/local_onionshare_website_mode_test.py index 051adb3c..5a7334a4 100644 --- a/tests/local_onionshare_website_mode_test.py +++ b/tests/local_onionshare_website_mode_test.py @@ -8,6 +8,7 @@ class LocalWebsiteModeTest(unittest.TestCase, GuiWebsiteTest): @classmethod def setUpClass(cls): test_settings = { + "csp_header_enabled": False } cls.gui = GuiWebsiteTest.set_up(test_settings) diff --git a/tests/test_onionshare_settings.py b/tests/test_onionshare_settings.py index 05878899..d46c599b 100644 --- a/tests/test_onionshare_settings.py +++ b/tests/test_onionshare_settings.py @@ -66,7 +66,8 @@ class TestSettings: 'password': '', 'hidservauth_string': '', 'data_dir': os.path.expanduser('~/OnionShare'), - 'public_mode': False + 'public_mode': False, + 'csp_header_enabled': True } for key in settings_obj._settings: # Skip locale, it will not always default to the same thing |