mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-20 22:42:53 -05:00
7f1d3ebc07
- move all test files from core/test to test/ - updated all imports and other references - all code inside of core/ is then application code - tests are correctly at the root level - consistent with other repos/projects Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
45 lines
1.4 KiB
JavaScript
45 lines
1.4 KiB
JavaScript
require('should');
|
|
const sinon = require('sinon');
|
|
const configUtils = require('../../../utils/configUtils');
|
|
const controller = require('../../../../core/server/web/admin/controller');
|
|
|
|
describe('Admin App', function () {
|
|
describe('controller', function () {
|
|
const req = {};
|
|
let res;
|
|
|
|
beforeEach(function () {
|
|
res = {
|
|
sendFile: sinon.spy()
|
|
};
|
|
|
|
configUtils.restore();
|
|
});
|
|
|
|
afterEach(function () {
|
|
sinon.restore();
|
|
});
|
|
|
|
it('adds x-frame-options header when adminFrameProtection is enabled (default)', function () {
|
|
// default config: configUtils.set('adminFrameProtection', true);
|
|
controller(req, res);
|
|
|
|
res.sendFile.called.should.be.true();
|
|
res.sendFile.calledWith(
|
|
sinon.match.string,
|
|
sinon.match.hasNested('headers.X-Frame-Options', sinon.match('sameorigin'))
|
|
).should.be.true();
|
|
});
|
|
|
|
it('doesn\'t add x-frame-options header when adminFrameProtection is disabled', function () {
|
|
configUtils.set('adminFrameProtection', false);
|
|
controller(req, res);
|
|
|
|
res.sendFile.called.should.be.true();
|
|
res.sendFile.calledWith(
|
|
sinon.match.string,
|
|
sinon.match.hasNested('headers.X-Frame-Options')
|
|
).should.be.false();
|
|
});
|
|
});
|
|
});
|