1/*
2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3* SPDX-License-Identifier: MIT
4*/
5
6import frisby = require('frisby')
7import config from 'config'
8
// Base URL of the application under test. These are live HTTP checks, so the
// server must already be listening here (local port 3000) when the spec runs.
const URL = 'http://localhost:3000'
10
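// Response-header checks against the root URL. Each case performs one GET and
// asserts a 200 plus the presence/absence (and value) of a single security-
// relevant header, so a failure points at exactly one header.
describe('HTTP', () => {
  // NOTE(review): asserting a wildcard CORS origin is only acceptable because
  // this application is intentionally permissive; a production service should
  // echo an allow-listed origin instead of '*'.
  it('response must contain CORS header allowing all origins', () => {
    return frisby.get(URL)
      .expect('status', 200)
      // '\\*' is the two-character string `\*`. Whether frisby treats this as a
      // regex-escaped asterisk or a literal substring depends on its header
      // matcher — confirm against the pinned frisby version if this ever flips.
      .expect('header', 'Access-Control-Allow-Origin', '\\*')
  })

  // Clickjacking defence: the page may only be framed by the same origin.
  it('response must contain sameorigin frameguard header', () => {
    return frisby.get(URL)
      .expect('status', 200)
      .expect('header', 'X-Frame-Options', 'SAMEORIGIN')
  })

  // MIME-sniffing defence. (Title corrected: this case checks
  // X-Content-Type-Options, not the CORS header.)
  it('response must contain nosniff content type options header', () => {
    return frisby.get(URL)
      .expect('status', 200)
      .expect('header', 'X-Content-Type-Options', 'nosniff')
  })

  // Asserts PRESENCE: the custom X-Recruiting header must carry the hiring
  // value from application config. (Title corrected to match the assertion.)
  it('response must contain recruiting header with configured value', () => {
    return frisby.get(URL)
      .expect('status', 200)
      .expect('header', 'X-Recruiting', config.get('application.securityTxt.hiring'))
  })

  // The legacy X-XSS-Protection header is expected to be absent; browsers have
  // dropped the filter it controlled and it is no longer a recommended header.
  it('response must not contain XSS protection header', () => {
    return frisby.get(URL)
      .expect('status', 200)
      .expectNot('header', 'X-XSS-Protection')
  })
})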
42