otwarchive-symphonyarchive/spec/requests/security_headers_spec.rb

require "spec_helper"

describe "Security headers" do
  it "includes the required headers" do
    get "/"
    headers = response.headers
    expect(headers["Content-Security-Policy"]).to eq("frame-ancestors 'self'")
    expect(headers["Referrer-Policy"]).to eq("strict-origin-when-cross-origin")
    expect(headers["X-Frame-Options"]).to eq("SAMEORIGIN")
    expect(headers["X-XSS-Protection"]).to eq("1; mode=block")
    expect(headers["X-Content-Type-Options"]).to eq("nosniff")
    expect(headers["X-Permitted-Cross-Domain-Policies"]).to eq("none")
  end
end
first 2026-03-11 22:22:11 +00:00			`require "spec_helper"`

			`describe "Security headers" do`
			`it "includes the required headers" do`
			`get "/"`
			`headers = response.headers`
			`expect(headers["Content-Security-Policy"]).to eq("frame-ancestors 'self'")`
			`expect(headers["Referrer-Policy"]).to eq("strict-origin-when-cross-origin")`
			`expect(headers["X-Frame-Options"]).to eq("SAMEORIGIN")`
			`expect(headers["X-XSS-Protection"]).to eq("1; mode=block")`
			`expect(headers["X-Content-Type-Options"]).to eq("nosniff")`
			`expect(headers["X-Permitted-Cross-Domain-Policies"]).to eq("none")`
			`end`
			`end`