14 lines
562 B
Ruby
14 lines
562 B
Ruby
require "spec_helper"
|
|
|
|
describe "Security headers" do
|
|
it "includes the required headers" do
|
|
get "/"
|
|
headers = response.headers
|
|
expect(headers["Content-Security-Policy"]).to eq("frame-ancestors 'self'")
|
|
expect(headers["Referrer-Policy"]).to eq("strict-origin-when-cross-origin")
|
|
expect(headers["X-Frame-Options"]).to eq("SAMEORIGIN")
|
|
expect(headers["X-XSS-Protection"]).to eq("1; mode=block")
|
|
expect(headers["X-Content-Type-Options"]).to eq("nosniff")
|
|
expect(headers["X-Permitted-Cross-Domain-Policies"]).to eq("none")
|
|
end
|
|
end
|