<?php
declare(strict_types=1);
namespace Phred\Tests\Feature;
use PHPUnit\Framework\TestCase;
use Phred\Http\Kernel;
use Nyholm\Psr7\ServerRequest;
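class SecurityTest extends TestCase
{
    /**
     * Snapshot of the APP_DEBUG state taken before each test.
     *
     * testProfilingHeadersPresentInDebug flips APP_DEBUG on via putenv(), $_ENV
     * and $_SERVER; without restoring those, every test that runs afterwards in
     * the same process silently executes in debug mode. The snapshot records
     * whether each slot existed at all so that "unset" is restored as "unset",
     * not as an empty string.
     *
     * @var array{getenv: string|false, envSet: bool, env: mixed, serverSet: bool, server: mixed}
     */
    private array $debugSnapshot = [];

    protected function setUp(): void
    {
        parent::setUp();

        $this->debugSnapshot = [
            'getenv'    => getenv('APP_DEBUG'),
            'envSet'    => array_key_exists('APP_DEBUG', $_ENV),
            'env'       => $_ENV['APP_DEBUG'] ?? null,
            'serverSet' => array_key_exists('APP_DEBUG', $_SERVER),
            'server'    => $_SERVER['APP_DEBUG'] ?? null,
        ];
    }

    protected function tearDown(): void
    {
        $snapshot = $this->debugSnapshot;

        // putenv('NAME') with no '=' removes the variable from the process environment.
        if ($snapshot['getenv'] === false) {
            putenv('APP_DEBUG');
        } else {
            putenv('APP_DEBUG=' . $snapshot['getenv']);
        }

        if ($snapshot['envSet']) {
            $_ENV['APP_DEBUG'] = $snapshot['env'];
        } else {
            unset($_ENV['APP_DEBUG']);
        }

        if ($snapshot['serverSet']) {
            $_SERVER['APP_DEBUG'] = $snapshot['server'];
        } else {
            unset($_SERVER['APP_DEBUG']);
        }

        // The debug test clears cached config before building its Kernel so the
        // new APP_DEBUG value is read; clearing again here keeps that test's
        // configuration from being served to whichever test runs next.
        \Phred\Support\Config::clear();

        parent::tearDown();
    }

    /**
     * Every response, including the health endpoint, must carry the baseline
     * hardening headers: nosniff blocks MIME sniffing of the body, and
     * SAMEORIGIN keeps the page from being framed by a foreign origin.
     */
    public function test_secure_headers_are_present(): void
    {
        $kernel = new Kernel();
        $request = new ServerRequest('GET', '/_phred/health');

        $response = $kernel->handle($request);

        $this->assertSame('nosniff', $response->getHeaderLine('X-Content-Type-Options'));
        $this->assertSame('SAMEORIGIN', $response->getHeaderLine('X-Frame-Options'));
    }

    /**
     * A CORS preflight for the health endpoint answers with the requesting origin.
     *
     * NOTE(review): this pins origin *reflection* for http://example.com. Whether
     * the Kernel reflects any origin or checks an allow-list is not visible from
     * this test; if it reflects freely, confirm it never pairs that with
     * Access-Control-Allow-Credentials: true, and consider a second case that
     * asserts a disallowed origin is not echoed back.
     */
    public function test_cors_headers_are_present(): void
    {
        $kernel = new Kernel();

        // Preflight request
        $request = new ServerRequest('OPTIONS', '/_phred/health');
        $request = $request->withHeader('Origin', 'http://example.com')
            ->withHeader('Access-Control-Request-Method', 'GET');

        $response = $kernel->handle($request);

        $this->assertSame('http://example.com', $response->getHeaderLine('Access-Control-Allow-Origin'));
    }

    /**
     * With APP_DEBUG enabled the Kernel attaches an X-Phred-Timings header whose
     * value is a JSON object. The three APP_DEBUG writes cover the different
     * places a config loader may read from; setUp()/tearDown() restore all of them.
     */
    public function testProfilingHeadersPresentInDebug(): void
    {
        putenv('APP_DEBUG=true');
        $_ENV['APP_DEBUG'] = 'true';
        $_SERVER['APP_DEBUG'] = 'true';
        // Drop any cached config so the Kernel below reads the new APP_DEBUG value.
        \Phred\Support\Config::clear();

        $kernel = new Kernel();
        $request = new ServerRequest('GET', '/_phred/health');

        $response = $kernel->handle($request);

        $this->assertTrue($response->hasHeader('X-Phred-Timings'));
        // JSON_THROW_ON_ERROR turns a malformed header into a JsonException with
        // the parse error, rather than a bare "null is not array" failure.
        $timings = json_decode($response->getHeaderLine('X-Phred-Timings'), true, 512, JSON_THROW_ON_ERROR);
        $this->assertIsArray($timings);
    }
}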