Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Changed

- Removed the trailing semicolon from CSP strings
- Added some missing `int` into function parameter types

### Deprecated

### Removed
Expand Down
2 changes: 1 addition & 1 deletion ruff.toml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
extend = "/home/app/ruff-strict.toml"
extend = "/home/app/ruff.toml"

[lint]
ignore = [
Expand Down
36 changes: 18 additions & 18 deletions tests/test_flask_talisman.py
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ def test_default_talisman_app(self):

self.assertIn("Content-Security-Policy", rv.headers)
self.assertEqual(
"default-src 'self'; object-src 'none'; frame-ancestors 'none'; child-src 'none';",
"default-src 'self'; object-src 'none'; frame-ancestors 'none'; child-src 'none'",
rv.headers["Content-Security-Policy"],
)

Expand Down Expand Up @@ -83,7 +83,7 @@ def test_default_talisman_app_delayed(self):

self.assertIn("Content-Security-Policy", rv.headers)
self.assertEqual(
"default-src 'self'; object-src 'none'; frame-ancestors 'none'; child-src 'none';",
"default-src 'self'; object-src 'none'; frame-ancestors 'none'; child-src 'none'",
rv.headers["Content-Security-Policy"],
)

Expand All @@ -95,29 +95,29 @@ def test_talisman_google_csp(self):
self.assertEqual(rv.status_code, 200)

self.assertIn("Content-Security-Policy", rv.headers)
self.assertIn("default-src 'self';", rv.headers["Content-Security-Policy"])
self.assertIn("default-src 'self'", rv.headers["Content-Security-Policy"])
self.assertIn(
"connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com;",
"connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com;",
"frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"font-src 'self' *.gstatic.com data:;",
"font-src 'self' *.gstatic.com data:",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"img-src 'self' img.youtube.com i.ytimg.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com;",
"img-src 'self' img.youtube.com i.ytimg.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"script-src 'self' ajax.googleapis.com *.googleanalytics.com *.google-analytics.com www.youtube.com *.gstatic.com *.googletagmanager.com tagmanager.google.com;",
"script-src 'self' ajax.googleapis.com *.googleanalytics.com *.google-analytics.com www.youtube.com *.gstatic.com *.googletagmanager.com tagmanager.google.com",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"style-src 'self' ajax.googleapis.com fonts.googleapis.com *.gstatic.com googletagmanager.com tagmanager.google.com;",
"style-src 'self' ajax.googleapis.com fonts.googleapis.com *.gstatic.com googletagmanager.com tagmanager.google.com",
rv.headers["Content-Security-Policy"],
)

Expand All @@ -130,10 +130,10 @@ def test_talisman_typekit_csp(self):

self.assertIn("Content-Security-Policy", rv.headers)
self.assertIn(
"font-src 'self' use.typekit.net;", rv.headers["Content-Security-Policy"]
"font-src 'self' use.typekit.net", rv.headers["Content-Security-Policy"]
)
self.assertIn(
"style-src 'self' *.typekit.net;", rv.headers["Content-Security-Policy"]
"style-src 'self' *.typekit.net", rv.headers["Content-Security-Policy"]
)

def test_talisman_google_and_typekit_csp(self):
Expand All @@ -149,15 +149,15 @@ def test_talisman_google_and_typekit_csp(self):

self.assertIn("Content-Security-Policy", rv.headers)
self.assertIn(
"font-src 'self' *.gstatic.com data: use.typekit.net;",
"font-src 'self' *.gstatic.com data: use.typekit.net",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"style-src 'self' ajax.googleapis.com fonts.googleapis.com *.gstatic.com googletagmanager.com tagmanager.google.com *.typekit.net;",
"style-src 'self' ajax.googleapis.com fonts.googleapis.com *.gstatic.com googletagmanager.com tagmanager.google.com *.typekit.net",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"img-src 'self' img.youtube.com i.ytimg.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com;",
"img-src 'self' img.youtube.com i.ytimg.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com",
rv.headers["Content-Security-Policy"],
)

Expand All @@ -176,11 +176,11 @@ def test_talisman_custom_csp(self):

self.assertIn("Content-Security-Policy", rv.headers)
self.assertIn(
"default-src 'self' example.com;",
"default-src 'self' example.com",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"img-src 'self' img.example.com;",
"img-src 'self' img.example.com",
rv.headers["Content-Security-Policy"],
)

Expand All @@ -200,11 +200,11 @@ def test_talisman_custom_csp_with_google(self):

self.assertIn("Content-Security-Policy", rv.headers)
self.assertIn(
"default-src 'self' example.com;",
"default-src 'self' example.com",
rv.headers["Content-Security-Policy"],
)
self.assertIn(
"img-src 'self' img.example.com img.youtube.com i.ytimg.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com;",
"img-src 'self' img.example.com img.youtube.com i.ytimg.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com",
rv.headers["Content-Security-Policy"],
)

Expand Down
Loading
Loading