mux/middleware/helmet_test.go

package middleware

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"gitserver.in/patialtech/mux"
)

func TestHelmet(t *testing.T) {
	r := mux.NewRouter()
	r.Get("/hello", func(writer http.ResponseWriter, request *http.Request) {
		_, _ = writer.Write([]byte("hello there"))
	})

	endpoint := httptest.NewRequest(http.MethodGet, "/hello", nil)

	// test endpoint registered/reachable
	w := httptest.NewRecorder()
	r.ServeHTTP(w, endpoint)
	if w.Code != http.StatusOK {
		t.Error("not expecting status", w.Code)
		return
	}

	// no header test
	w = httptest.NewRecorder()
	r.ServeHTTP(w, endpoint)
	csp := w.Header().Get("Content-Security-Policy")
	// must not have a csp header, technically no header related to helmet but lets test with one.
	if csp != "" {
		t.Error("csp header not expected")
	}

	// introduce helmet middleware
	r.Use(Helmet(HelmetOption{}))

	// header tests..
	w = httptest.NewRecorder()
	r.ServeHTTP(w, endpoint)
	// csp and other headers are expected
	csp = w.Header().Get("Content-Security-Policy")
	// fmt.Printf("csp %s", csp)
	if csp == "" {
		t.Error("csp header missing")
	}

	// TODO need more tests
}