test hardening headers

Jake Howard 2017-07-08 12:14:20 +01:00
parent 8a59759095
commit bca1f5d8e1
Signed by: jake
GPG key ID: 57AFB45680EDD477


@ -2,7 +2,9 @@ import { expect } from 'chai';
import { runServer } from './helpers'; import { runServer } from './helpers';
import * as fs from 'fs'; import * as fs from 'fs';
import * as path from 'path'; import * as path from 'path';
import { Options } from '../src/types';
const PKG = require('../package.json');
describe('Server', function () { describe('Server', function () {
it('Should be usable', function (done) { it('Should be usable', function (done) {
@ -20,21 +22,6 @@ describe('Server', function () {
}); });
}); });
it('Should nave no x-powered-by header', function (done) {
runServer({
allowed_ips: [],
basicAuth: [],
dirList: false,
serveDir: 'site/',
opbeat: false,
open: false
}, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('x-powered-by')).to.equal(null);
done();
});
});
describe('index route', function () { describe('index route', function () {
const body = fs.readFileSync(path.join(__dirname, '..', 'site', 'index.html')).toString(); const body = fs.readFileSync(path.join(__dirname, '..', 'site', 'index.html')).toString();
@ -54,4 +41,84 @@ describe('Server', function () {
}); });
}); });
}); });
describe('secure headers', function () {
const SERVER_SETTINGS = {
allowed_ips: [],
basicAuth: [],
dirList: false,
serveDir: 'site/',
opbeat: false,
open: false
} as Options;
it('Should have no powered by header', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('x-powered-by')).to.contain('tstatic');
expect(response.headers.get('x-powered-by')).to.contain(PKG.version);
done();
});
});
it('Should have xss block header', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('x-xss-protection')).to.equal('1; mode=block');
done();
});
});
it('Should block iframes', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('x-frame-options')).to.equal('SAMEORIGIN');
done();
});
});
it('Should have expect-ct header', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('expect-ct')).to.equal('max-age=1000');
done();
});
});
it('Should block DNS prefetch', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('x-dns-prefetch-control')).to.equal('off');
done();
});
});
it('Should block open on IE', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('x-download-options')).to.equal('noopen');
done();
});
});
it('Should block cache', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('cache-control')).to.contain('no-store');
expect(response.headers.get('cache-control')).to.contain('no-cache');
expect(response.headers.get('pragma')).to.contain('no-cache');
expect(response.headers.get('surrogate-control')).to.contain('no-store');
expect(response.headers.get('expires')).to.contain(0);
done();
});
});
it('Should block cache', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('referrer-policy')).to.contain('same-origin');
done();
});
});
});
}); });
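Review bot: The last case in the new 'secure headers' suite reuses the title `'Should block cache'` although it asserts `referrer-policy`, so a failure would be reported under the wrong header; rename it `it('Should set referrer-policy header', function (done) {`. The `expires` check compares a header string with the number `0` through `to.contain(0)`; chai's string `include` rejects a non-string argument in newer releases and only passes in older ones by coercion, so `expect(response.headers.get('expires')).to.equal('0');` is the unambiguous form. `SERVER_SETTINGS` is cast with `} as Options;`, which silences missing- or excess-property errors on the fixture; declaring it as `const SERVER_SETTINGS: Options = {` keeps it checked against the type. The reworked powered-by case now pins an `x-powered-by` value carrying the project name and the exact `PKG.version`, which hands every client a precise version fingerprint and sits oddly in a suite about hardening headers — if that disclosure is intentional, a short comment stating the trade-off would help the next maintainer. The enclosing `describe('Server', …)` block starts outside this hunk.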