Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
;; lib/dream/tests/headers.sx — security headers + cache-control.
;; Suite bookkeeping: running pass/fail tallies plus one record per failure.
;; These are module-level and are mutated as each top-level assertion in
;; this file is evaluated.
(define dream-hd-pass 0)
(define dream-hd-fail 0)
(define dream-hd-fails (list))

;; Record one assertion.
;;   label : human-readable name of the check
;;   got   : value produced by the code under test
;;   want  : value the check expects
;; When `(= got want)` holds the pass tally is bumped; otherwise the fail
;; tally is bumped and a {:name :actual :expected} record is appended to
;; dream-hd-fails so the mismatch can be reported later.
(define dream-hd-test
  (fn (label got want)
    (if (= got want)
      (set! dream-hd-pass (+ dream-hd-pass 1))
      (begin
        (set! dream-hd-fail (+ dream-hd-fail 1))
        (append! dream-hd-fails {:name label :actual got :expected want})))))
;; Fixture handler: ignores its request and answers with the text "body".
;; It sets no headers of its own as far as this file shows, so any header
;; observed in the tests below was added by the middleware under test.
(define dream-hd-h
  (fn (request) (dream-text "body")))
;; Fixture request: GET / with an empty map and an empty string as the
;; remaining arguments (presumably headers and body; confirm against
;; dream-request).
(define dream-hd-req
  (dream-request "GET" "/" {} ""))
;; ── security headers ───────────────────────────────────────────────
;; Response obtained by wrapping the fixture handler in the default
;; security-headers middleware; every assertion in this section reads it.
;; NOTE(review): only the four headers below are pinned. Whether the
;; middleware also emits content-security-policy or other headers is not
;; visible from this file; add assertions if it does.
(define dream-hd-sec
  ((dream-security-headers dream-hd-h) dream-hd-req))

;; X-Content-Type-Options: nosniff stops browsers from MIME-sniffing a
;; response into a different (possibly executable) content type.
(dream-hd-test "nosniff"
  (dream-resp-header dream-hd-sec "x-content-type-options")
  "nosniff")

;; X-Frame-Options: DENY forbids rendering the response in any frame,
;; the baseline clickjacking defence.
(dream-hd-test "frame deny"
  (dream-resp-header dream-hd-sec "x-frame-options")
  "DENY")

;; Referrer-Policy: no-referrer keeps the page URL out of outgoing
;; Referer headers.
(dream-hd-test "referrer policy"
  (dream-resp-header dream-hd-sec "referrer-policy")
  "no-referrer")

;; HSTS must be absent unless explicitly enabled. Deployments served over
;; HTTPS therefore have to opt in via the :hsts option exercised further
;; down in this file.
(dream-hd-test "no hsts by default"
  (dream-resp-header dream-hd-sec "strict-transport-security")
  nil)

;; The middleware adds headers only; the handler's body passes through.
(dream-hd-test "body preserved" (dream-resp-body dream-hd-sec) "body")
;; Same fixture handler, wrapped with the defaults plus :hsts switched on.
(define dream-hd-hsts
  ((dream-security-headers-with (assoc dream-security-defaults :hsts true))
    dream-hd-h))

;; With :hsts enabled the header must carry a one-year max-age
;; (31536000 s = 365 days).
;; NOTE(review): this is a substring check, so other directives such as
;; includeSubDomains or preload are not pinned either way. It also assumes
;; the header is present; how `contains?` treats a nil first argument is
;; not visible from this file.
(dream-hd-test "hsts when enabled"
  (contains?
    (dream-resp-header (dream-hd-hsts dream-hd-req) "strict-transport-security")
    "max-age=31536000")
  true)
;; ── cache-control ──────────────────────────────────────────────────
;; Each helper is applied to a fresh (dream-text "x") response and the
;; resulting cache-control value is compared exactly.
;; NOTE(review): no case starts from a response that already carries a
;; cache-control header, so replace-vs-merge behaviour is not covered.

;; `public` lets shared caches (proxies, CDNs) store the response, so it
;; is only appropriate for content that is identical for every user.
(dream-hd-test "cache public"
  (dream-resp-header (dream-cache (dream-text "x") 60) "cache-control")
  "public, max-age=60")

;; `private` restricts storage to the end user's own cache.
(dream-hd-test "private cache"
  (dream-resp-header (dream-private-cache (dream-text "x") 30) "cache-control")
  "private, max-age=30")

;; `no-store` asks every cache not to keep a copy; the directive to use
;; for responses containing sensitive data.
(dream-hd-test "no-store"
  (dream-resp-header (dream-no-store (dream-text "x")) "cache-control")
  "no-store")

;; dream-no-cache emits the combined no-cache / no-store / must-revalidate
;; form.
(dream-hd-test "no-cache"
  (dream-resp-header (dream-no-cache (dream-text "x")) "cache-control")
  "no-cache, no-store, must-revalidate")
;; ── cache middleware ───────────────────────────────────────────────
;; Fixture handler wrapped so that its responses are stamped with a
;; 300-second cache lifetime.
(define dream-hd-capp
  ((dream-cache-for 300) dream-hd-h))

;; The middleware form yields a `public` policy.
;; NOTE(review): the fixture handler sets no cache-control itself, so this
;; does not show whether dream-cache-for keeps a stricter directive (for
;; example no-store) chosen by the handler. Worth a dedicated test:
;; replacing it with `public` would let shared caches store per-user
;; responses.
(dream-hd-test "cache-for stamps"
  (dream-resp-header (dream-hd-capp dream-hd-req) "cache-control")
  "public, max-age=300")
;; ── composes around a router ───────────────────────────────────────
;; A one-route application (GET / returning a small HTML fragment) with
;; the default security-headers middleware applied outside the router.
(define dream-hd-app
  (dream-security-headers
    (dream-router
      (list
        (dream-get "/" (fn (request) (dream-html "<p>hi</p>")))))))

;; A routed response still carries the middleware's headers.
;; NOTE(review): only a matched route is exercised. A request for an
;; unregistered path is not tested, so header coverage on the router's
;; not-found response is unverified here.
(dream-hd-test "router security header"
  (dream-resp-header (dream-hd-app dream-hd-req) "x-frame-options")
  "DENY")
;; Summarise the suite. The assertions above run as top-level forms, so
;; this only reads the tallies they left behind and returns
;; {:total :passed :failed :fails}; :fails holds the per-failure records.
(define dream-hd-tests-run!
  (fn ()
    {:total (+ dream-hd-pass dream-hd-fail)
     :passed dream-hd-pass
     :failed dream-hd-fail
     :fails dream-hd-fails}))