mirror of https://github.com/openclaw/openclaw.git
19 lines
780 B
TypeScript
19 lines
780 B
TypeScript
import { describe, expect, it } from "vitest";
|
|
import { buildControlUiCspHeader } from "./control-ui-csp.js";
|
|
|
|
describe("buildControlUiCspHeader", () => {
|
|
it("blocks inline scripts while allowing inline styles", () => {
|
|
const csp = buildControlUiCspHeader();
|
|
expect(csp).toContain("frame-ancestors 'none'");
|
|
expect(csp).toContain("script-src 'self'");
|
|
expect(csp).not.toContain("script-src 'self' 'unsafe-inline'");
|
|
expect(csp).toContain("style-src 'self' 'unsafe-inline' https://fonts.googleapis.com");
|
|
});
|
|
|
|
it("allows Google Fonts for style and font loading", () => {
|
|
const csp = buildControlUiCspHeader();
|
|
expect(csp).toContain("https://fonts.googleapis.com");
|
|
expect(csp).toContain("font-src 'self' https://fonts.gstatic.com");
|
|
});
|
|
});
|