Content Security Policy (#5790)

* Adding CSP headers. * Adding Content-Security-Policy headers. * Fixing test. * CSP in ws server responses.
2017-06-28 09:12:02 +02:00
parent 57626b60e7
commit c7a043b864
5 changed files with 52 additions and 7 deletions
--- a/devtools/src/http_client.rs
+++ b/devtools/src/http_client.rs
@@ -121,4 +121,8 @@ pub fn assert_security_headers_present(headers: &[String], port: Option<u16>) {
 		headers.iter().find(|header|  header.as_str() == "X-Content-Type-Options: nosniff").is_some(),
 		"X-Content-Type-Options missing: {:?}", headers
 	);
+	assert!(
+		headers.iter().find(|header| header.starts_with("Content-Security-Policy: ")).is_some(),
+		"Content-Security-Policy missing: {:?}", headers
+	)
 }