kunthawat/emdash-patch-imageupload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2d1be521771dd30b28f9296a0e7897b9eb0c84a6
emdash-patch-imageupload/packages/core/tests/unit/middleware/csp.test.ts
kunthawat 2d1be52177 Emdash source with visual editor image upload fix 
Fixes:
1. media.ts: wrap placeholder generation in try-catch
2. toolbar.ts: check r.ok, display error message in popover
2026-05-03 10:44:54 +07:00

31 lines
1020 B
TypeScript
Raw Blame History

import { describe, it, expect } from "vitest";
import { buildEmDashCsp } from "../../../src/astro/middleware/csp.js";
describe("buildEmDashCsp", () => {
it("includes https: in img-src to allow external images", () => {
const csp = buildEmDashCsp();
const imgSrc = csp.split("; ").find((d) => d.startsWith("img-src"));
expect(imgSrc).toContain("https:");
});
it("still includes self, data:, and blob: in img-src", () => {
const csp = buildEmDashCsp();
const imgSrc = csp.split("; ").find((d) => d.startsWith("img-src"));
expect(imgSrc).toContain("'self'");
expect(imgSrc).toContain("data:");
expect(imgSrc).toContain("blob:");
});
it("keeps connect-src restricted to self", () => {
const csp = buildEmDashCsp();
const connectSrc = csp.split("; ").find((d) => d.startsWith("connect-src"));
expect(connectSrc).toBe("connect-src 'self'");
});
it("blocks framing with frame-ancestors none", () => {
const csp = buildEmDashCsp();
expect(csp).toContain("frame-ancestors 'none'");
});
});
Reference in New Issue View Git Blame Copy Permalink