mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-27 22:49:56 -05:00
55204bf725
- for some reason, this test seems to be failing now we've pulled it out
of the general CI
- it makes sense when the repo is clean, because the html files don't
exist, but I don't understand how they were working before... 🤔
- anyway, we should be overriding the path to the test fixtures admin
view files here
- this fixes the unit tests
47 lines
1.5 KiB
JavaScript
47 lines
1.5 KiB
JavaScript
require('should');
|
|
const sinon = require('sinon');
|
|
const path = require('path');
|
|
const configUtils = require('../../../../utils/configUtils');
|
|
const controller = require('../../../../../core/server/web/admin/controller');
|
|
|
|
describe('Admin App', function () {
|
|
describe('controller', function () {
|
|
const req = {};
|
|
let res;
|
|
|
|
beforeEach(function () {
|
|
res = {
|
|
sendFile: sinon.spy()
|
|
};
|
|
|
|
configUtils.restore();
|
|
configUtils.set('paths:adminViews', path.resolve('test/utils/fixtures/admin-views'));
|
|
});
|
|
|
|
afterEach(function () {
|
|
sinon.restore();
|
|
});
|
|
|
|
it('adds x-frame-options header when adminFrameProtection is enabled (default)', function () {
|
|
// default config: configUtils.set('adminFrameProtection', true);
|
|
controller(req, res);
|
|
|
|
res.sendFile.called.should.be.true();
|
|
res.sendFile.calledWith(
|
|
sinon.match.string,
|
|
sinon.match.hasNested('headers.X-Frame-Options', sinon.match('sameorigin'))
|
|
).should.be.true();
|
|
});
|
|
|
|
it('doesn\'t add x-frame-options header when adminFrameProtection is disabled', function () {
|
|
configUtils.set('adminFrameProtection', false);
|
|
controller(req, res);
|
|
|
|
res.sendFile.called.should.be.true();
|
|
res.sendFile.calledWith(
|
|
sinon.match.string,
|
|
sinon.match.hasNested('headers.X-Frame-Options')
|
|
).should.be.false();
|
|
});
|
|
});
|
|
});
|