
Commit e7fd672

authored
Fix test #4183
Fix test
2 parents 0f68a42 + ce1a7b5 commit e7fd672


2 files changed

+11
-11
lines changed

2 files changed

+11
-11
lines changed

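--- a/pkg/auth/webapp/dynamic_csp_middleware_test.go
+++ b/pkg/auth/webapp/dynamic_csp_middleware_test.go
@@ -39,7 +39,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 AllowFrameAncestors: true,
 ExpectedHeaders: map[string][]string{
 "Content-Security-Policy": {
-"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors http://customui.com",
+"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors http://customui.com",
 },
 },
 },
@@ -55,7 +55,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 AllowFrameAncestors: false,
 ExpectedHeaders: map[string][]string{
 "Content-Security-Policy": {
-"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 },
 "X-Frame-Options": {"DENY"},
 },
@@ -66,7 +66,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 AllowFrameAncestors: true,
 ExpectedHeaders: map[string][]string{
 "Content-Security-Policy": {
-"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 },
 "X-Frame-Options": {"DENY"},
 },
@@ -77,7 +77,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 AllowFrameAncestors: false,
 ExpectedHeaders: map[string][]string{
 "Content-Security-Policy": {
-"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 },
 "X-Frame-Options": {"DENY"},
 },
@@ -88,7 +88,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 AllowFrameAncestors: true,
 ExpectedHeaders: map[string][]string{
 "Content-Security-Policy": {
-"default-src 'self'; script-src 'strict-dynamic' 'nonce-' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+"default-src 'self'; script-src 'strict-dynamic' 'nonce-' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 },
 "X-Frame-Options": {"DENY"},
 },
@@ -99,7 +99,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 AllowFrameAncestors: false,
 ExpectedHeaders: map[string][]string{
 "Content-Security-Policy": {
-"default-src 'self'; script-src 'strict-dynamic' 'nonce-' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+"default-src 'self'; script-src 'strict-dynamic' 'nonce-' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 },
 "X-Frame-Options": {"DENY"},
 },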
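Review bot: All six expected `Content-Security-Policy` values now allow `eu-assets.i.posthog.com` in `script-src`, while the `connect-src` pinned by the same strings is unchanged: `'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com`. If the script loaded from that host sends its data to a PostHog endpoint directly rather than through a same-origin path, the policy asserted here would block those requests; this page does not show which is intended, so it should be confirmed against the directive builder. Because each case repeats the full policy as a single literal, the one-token change is hard to audit; once the intent is confirmed, a comment above the first case such as `// script-src allows eu-assets.i.posthog.com; connect-src is intentionally unchanged` would record it. TestDynamicCSPMiddleware begins and ends outside these hunks.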

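--- a/pkg/lib/web/csp_test.go
+++ b/pkg/lib/web/csp_test.go
@@ -21,7 +21,7 @@ func TestCSPDirectives(t *testing.T) {
 AllowInlineScript: false,
 }, []string{
 "default-src 'self'",
-"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com https://browser.sentry-cdn.com 'self'",
+"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self'",
 "frame-src www.googletagmanager.com 'self'",
 "font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self'",
 "style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self'",
@@ -40,7 +40,7 @@ func TestCSPDirectives(t *testing.T) {
 AllowInlineScript: false,
 }, []string{
 "default-src 'self'",
-"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
+"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
 "frame-src www.googletagmanager.com 'self'",
 "font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' cdn.localhost:3000",
 "style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' cdn.localhost:3000",
@@ -59,7 +59,7 @@ func TestCSPDirectives(t *testing.T) {
 AllowInlineScript: true,
 }, []string{
 "default-src 'self'",
-"script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
+"script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
 "frame-src www.googletagmanager.com 'self'",
 "font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' cdn.localhost:3000",
 "style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' cdn.localhost:3000",
@@ -79,7 +79,7 @@ func TestCSPDirectives(t *testing.T) {
 FrameAncestors: []string{"http://remote.localhost"},
 }, []string{
 "default-src 'self'",
-"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
+"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
 "frame-src www.googletagmanager.com 'self'",
 "font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' cdn.localhost:3000",
 "style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' cdn.localhost:3000",
@@ -99,7 +99,7 @@ func TestCSPDirectives(t *testing.T) {
 AuthUISentryDSN: "https://examplePublicKey@o0.ingest.sentry.io/0",
 }, []string{
 "default-src 'self'",
-"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com https://browser.sentry-cdn.com 'self'",
+"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self'",
 "frame-src www.googletagmanager.com 'self'",
 "font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self'",
 "style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self'",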
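Review bot: In the four `'strict-dynamic' 'nonce-N0NC5'` cases the added `eu-assets.i.posthog.com` is a host-source, which browsers that honour `'strict-dynamic'` ignore, so there it only serves as a fallback for older browsers; the same holds for the two `'strict-dynamic'` cases in pkg/auth/webapp/dynamic_csp_middleware_test.go. It is enforced in the `AllowInlineScript: true` case, where the policy already carries `'unsafe-inline'`. The entry is schemeless like `www.googletagmanager.com` but unlike `https://browser.sentry-cdn.com`; if the builder allows it, `https://eu-assets.i.posthog.com` would pin the scheme. None of the visible cases sets an option that removes the host, so it looks unconditional, which is worth confirming in the directive builder, not shown on this page. TestCSPDirectives begins and ends outside these hunks.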
