add tests

spatie · Feb 17, 2018 · 08386a4 · 08386a4
1 parent 5a58541
commit 08386a4
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/src/Directive.php b/src/Directive.php
@@ -12,7 +12,7 @@ abstract class Directive
     const CONNECT = 'connect-src';
     const DEFAULT = 'default-src';
     const FONT = 'font-src';
-    const FORM = 'form-action';
+    const FORM_ACTION = 'form-action';
     const FRAME = 'frame-src';
     const FRAME_ANCESTORS = 'frame-ancestors';
     const IMG = 'img-src';

diff --git a/src/Profiles/Basic.php b/src/Profiles/Basic.php
@@ -11,7 +11,7 @@ public function registerDirectives()
         $this
             ->addDirective(Directive::CONNECT, "'self'")
             ->addDirective(Directive::DEFAULT, "'self'")
-            ->addDirective(Directive::FORM, "'self'")
+            ->addDirective(Directive::FORM_ACTION, "'self'")
             ->addDirective(Directive::IMG, "'self'")
             ->addDirective(Directive::MEDIA, "'self'")
             ->addDirective(Directive::SCRIPT, "'self'")

diff --git a/tests/AddCspHeadersTest.php b/tests/AddCspHeadersTest.php
@@ -4,8 +4,10 @@
 
 use Illuminate\Support\Facades\Route;
 use Spatie\Csp\AddCspHeaders;
+use Spatie\Csp\Directive;
 use Spatie\Csp\Exceptions\InvalidCspProfile;
 use Spatie\Csp\Profiles\Basic;
+use Spatie\Csp\Profiles\Profile;
 use Symfony\Component\HttpFoundation\HeaderBag;
 
 class AddCspHeadersTest extends TestCase
@@ -91,6 +93,31 @@ public function using_an_invalid_profile_class_will_throw_an_exception()
         $this->getResponseHeaders();
     }
 
+    /** @test */
+    public function it_can_use_multiple_values_for_the_same_directive()
+    {
+        $profile = new class extends Profile
+        {
+            public function registerDirectives()
+            {
+                $this
+                    ->addDirective(Directive::FRAME, 'src-1')
+                    ->addDirective(Directive::FRAME, 'src-2')
+                    ->addDirective(Directive::FORM_ACTION, 'action-1')
+                    ->addDirective(Directive::FORM_ACTION, 'action-2');
+            }
+        };
+
+        config(['csp.profile' => get_class($profile)]);
+
+        $headers = $this->getResponseHeaders();
+
+        $this->assertEquals(
+            'frame-src src-1 src-2;form-action action-1 action-2',
+            $headers->get('Content-Security-Policy')
+        );
+    }
+
     protected function getResponseHeaders(): HeaderBag
     {
         return $this