-
Notifications
You must be signed in to change notification settings - Fork 368
/
cross-origin-resource-policy.test.ts
44 lines (41 loc) · 1.37 KB
/
cross-origin-resource-policy.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
import { check } from "./helpers";
import crossOriginResourcePolicy from "../middlewares/cross-origin-resource-policy";
describe("Cross-Origin-Resource-Policy middleware", () => {
it('sets "Cross-Origin-Resource-Policy: same-origin" when called with no policy', async () => {
const expectedHeaders = {
"cross-origin-resource-policy": "same-origin",
};
await check(crossOriginResourcePolicy(), expectedHeaders);
await check(crossOriginResourcePolicy({}), expectedHeaders);
await check(
crossOriginResourcePolicy(Object.create(null)),
expectedHeaders
);
await check(
crossOriginResourcePolicy({ policy: undefined }),
expectedHeaders
);
});
(["same-origin", "same-site", "cross-origin"] as const).forEach((policy) => {
it(`sets "Cross-Origin-Resource-Policy: ${policy}" when told to`, async () => {
await check(crossOriginResourcePolicy({ policy }), {
"cross-origin-resource-policy": policy,
});
});
});
it("throws when setting the policy to an invalid value", () => {
const invalidValues = [
"",
"foo",
"CROSS-ORIGIN",
123,
null,
new String("none"),
];
for (const policy of invalidValues) {
expect(() =>
crossOriginResourcePolicy({ policy: policy as any })
).toThrow(/^Cross-Origin-Resource-Policy does not support /);
}
});
});