src/chttpd/test/chttpd_xframe_test.erl - couchdb - Git at Google

 -module(chttpd_xframe_test).


 -include_lib("couch/include/couch_db.hrl").
 -include_lib("eunit/include/eunit.hrl").

 setup() ->
     ok = meck:new(config),
     ok = meck:expect(config, get, fun(_, _, _) -> "X-Forwarded-Host" end),
     ok.

 teardown(_) ->
     meck:unload(config).

 mock_request() ->
     Headers = mochiweb_headers:make([{"Host", "examples.com"}]),
     MochiReq = mochiweb_request:new(nil, 'GET', '/', {1, 1}, Headers),
     #httpd{mochi_req = MochiReq}.

 config_disabled() ->
     [
         {enabled, false}
     ].

 config_sameorigin() ->
     [
         {enabled, true},
         {same_origin, true}
     ].

 config_wildcard() ->
     [
         {enabled, true},
         {same_origin, false},
         {hosts, ["*"]}
     ].

 config_specific_hosts() ->
     [
         {enabled, true},
         {same_origin, false},
         {hosts, ["http://couchdb.org", "http://examples.com"]}
     ].

 config_diffent_specific_hosts() ->
     [
         {enabled, true},
         {same_origin, false},
         {hosts, ["http://couchdb.org"]}
     ].

 no_header_if_xframe_disabled_test() ->
     Headers = chttpd_xframe_options:header(mock_request(), [], config_disabled()),
     ?assertEqual(Headers, []).

 enabled_with_same_origin_test() ->
     Headers = chttpd_xframe_options:header(mock_request(), [], config_sameorigin()),
     ?assertEqual(Headers, [{"X-Frame-Options", "SAMEORIGIN"}]).


 xframe_host_test_() ->
     {
         "xframe host tests",
         {
             foreach, fun setup/0, fun teardown/1,
             [
                 fun allow_with_wildcard_host/1,
                 fun allow_with_specific_host/1,
                 fun deny_with_different_host/1
             ]
         }
     }.

 allow_with_wildcard_host(_) ->
     Headers = chttpd_xframe_options:header(mock_request(), [], config_wildcard()),
     ?_assertEqual([{"X-Frame-Options", "ALLOW-FROM http://examples.com"}], Headers).

 allow_with_specific_host(_) ->
     Headers = chttpd_xframe_options:header(mock_request(), [], config_specific_hosts()),
     ?_assertEqual([{"X-Frame-Options", "ALLOW-FROM http://examples.com"}], Headers).

 deny_with_different_host(_) ->
     Headers = chttpd_xframe_options:header(mock_request(), [], config_diffent_specific_hosts()),
     ?_assertEqual([{"X-Frame-Options", "DENY"}], Headers).
	-module(chttpd_xframe_test).


	-include_lib("couch/include/couch_db.hrl").
	-include_lib("eunit/include/eunit.hrl").

	setup() ->
	ok = meck:new(config),
	ok = meck:expect(config, get, fun(_, _, _) -> "X-Forwarded-Host" end),
	ok.

	teardown(_) ->
	meck:unload(config).

	mock_request() ->
	Headers = mochiweb_headers:make([{"Host", "examples.com"}]),
	MochiReq = mochiweb_request:new(nil, 'GET', '/', {1, 1}, Headers),
	#httpd{mochi_req = MochiReq}.

	config_disabled() ->
	[
	{enabled, false}
	].

	config_sameorigin() ->
	[
	{enabled, true},
	{same_origin, true}
	].

	config_wildcard() ->
	[
	{enabled, true},
	{same_origin, false},
	{hosts, ["*"]}
	].

	config_specific_hosts() ->
	[
	{enabled, true},
	{same_origin, false},
	{hosts, ["http://couchdb.org", "http://examples.com"]}
	].

	config_diffent_specific_hosts() ->
	[
	{enabled, true},
	{same_origin, false},
	{hosts, ["http://couchdb.org"]}
	].

	no_header_if_xframe_disabled_test() ->
	Headers = chttpd_xframe_options:header(mock_request(), [], config_disabled()),
	?assertEqual(Headers, []).

	enabled_with_same_origin_test() ->
	Headers = chttpd_xframe_options:header(mock_request(), [], config_sameorigin()),
	?assertEqual(Headers, [{"X-Frame-Options", "SAMEORIGIN"}]).


	xframe_host_test_() ->
	{
	"xframe host tests",
	{
	foreach, fun setup/0, fun teardown/1,
	[
	fun allow_with_wildcard_host/1,
	fun allow_with_specific_host/1,
	fun deny_with_different_host/1
	]
	}
	}.

	allow_with_wildcard_host(_) ->
	Headers = chttpd_xframe_options:header(mock_request(), [], config_wildcard()),
	?_assertEqual([{"X-Frame-Options", "ALLOW-FROM http://examples.com"}], Headers).

	allow_with_specific_host(_) ->
	Headers = chttpd_xframe_options:header(mock_request(), [], config_specific_hosts()),
	?_assertEqual([{"X-Frame-Options", "ALLOW-FROM http://examples.com"}], Headers).

	deny_with_different_host(_) ->
	Headers = chttpd_xframe_options:header(mock_request(), [], config_diffent_specific_hosts()),
	?_assertEqual([{"X-Frame-Options", "DENY"}], Headers).