getphred/Phred
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
Phred/tests/Feature/SecurityTest.php

36 lines
1.1 KiB
PHP
Raw Normal View History

feat: implement M9 & M10 (CLI, Scaffolding, Security, JWT) and standardize middleware - Implement full suite of 'phred' CLI generators and utility commands (M9). - Refactor scaffolding logic to use external stubs in 'src/stubs'. - Add security hardening via SecureHeaders, Csrf, and CORS middleware (M10). - Implement JWT token issuance and validation service with lcobucci/jwt. - Integrate 'getphred/flagpole' for feature flag support. - Introduce abstract 'Middleware' base class for standardized PSR-15 implementation. - Add robust driver validation to OrmServiceProvider. - Fix JwtTokenService claims access and validation constraints. - Update MILESTONES.md status.
2025-12-22 21:52:41 +00:00
<?php
declare(strict_types=1);
namespace Phred\Tests\Feature;
use PHPUnit\Framework\TestCase;
use Phred\Http\Kernel;
use Nyholm\Psr7\ServerRequest;
class SecurityTest extends TestCase
{
public function test_secure_headers_are_present(): void
{
$kernel = new Kernel();
$request = new ServerRequest('GET', '/_phred/health');
$response = $kernel->handle($request);
$this->assertEquals('nosniff', $response->getHeaderLine('X-Content-Type-Options'));
$this->assertEquals('SAMEORIGIN', $response->getHeaderLine('X-Frame-Options'));
}
public function test_cors_headers_are_present(): void
{
$kernel = new Kernel();
// Preflight request
$request = new ServerRequest('OPTIONS', '/_phred/health');
$request = $request->withHeader('Origin', 'http://example.com')
->withHeader('Access-Control-Request-Method', 'GET');
$response = $kernel->handle($request);
$this->assertEquals('http://example.com', $response->getHeaderLine('Access-Control-Allow-Origin'));
}
}
Reference in a new issue Copy permalink