Revision 9d01755e
Added by Daniel Lobato Garcia over 9 years ago
| test/functional/application_controller_subclass_test.rb | ||
|---|---|---|
|
assert_equal @response.headers['X-XSS-Protection'], '1; mode=block'
|
||
|
assert_equal @response.headers['X-Content-Type-Options'], 'nosniff'
|
||
|
assert_equal @response.headers['Content-Security-Policy'], \
|
||
|
"default-src 'self'; connect-src 'self' ws://; font-src 'self'; " +
|
||
|
"default-src 'self'; connect-src 'self' ws: wss:; font-src 'self'; " +
|
||
|
"frame-src 'self'; img-src 'self' *.gravatar.com data:; media-src 'self'; " +
|
||
|
"object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' " +
|
||
|
"'self'; style-src 'unsafe-inline' 'self';"
|
||
Also available in: Unified diff
Fixes #8091: connect-src accepts WSS
(cherry picked from commit 8553650c50f0ab8a9bf9d3ce223ddac7af2afe0a)