juice-shop
41 строка · 1.2 Кб
1/*2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.3* SPDX-License-Identifier: MIT4*/5import frisby = require('frisby')7import config from 'config'8const URL = 'http://localhost:3000'10describe('HTTP', () => {12it('response must contain CORS header allowing all origins', () => {13return frisby.get(URL)14.expect('status', 200)15.expect('header', 'Access-Control-Allow-Origin', '\\*')16})17it('response must contain sameorigin frameguard header', () => {19return frisby.get(URL)20.expect('status', 200)21.expect('header', 'X-Frame-Options', 'SAMEORIGIN')22})23it('response must contain CORS header allowing all origins', () => {25return frisby.get(URL)26.expect('status', 200)27.expect('header', 'X-Content-Type-Options', 'nosniff')28})29it('response must not contain recruiting header', () => {31return frisby.get(URL)32.expect('status', 200)33.expect('header', 'X-Recruiting', config.get('application.securityTxt.hiring'))34})35it('response must not contain XSS protection header', () => {37return frisby.get(URL)38.expect('status', 200)39.expectNot('header', 'X-XSS-Protection')40})41})42