Add tests for security HTTP headers

oguzhalit · Sep 3, 2016 · 2c33912 · 2c33912
1 parent fbcc987
commit 2c33912
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/test/server/httpSpec.js b/test/server/httpSpec.js
@@ -5,7 +5,19 @@ var frisby = require('frisby');
 var URL = 'http:https://localhost:3000';
 
 frisby.create('GET response must contain CORS header allowing all origins')
- .get(URL + "/dist/juice-shop.min.js")
+ .get(URL)
  .expectStatus(200)
  .expectHeaderContains('Access-Control-Allow-Origin', '*')
+ .toss();
+
+frisby.create('GET response must contain sameorigin frameguard header')
+ .get(URL)
+ .expectStatus(200)
+ .expectHeaderContains('X-Frame-Options', 'sameorigin')
+ .toss();
+
+frisby.create('GET response must contain nosniff content type header')
+ .get(URL)
+ .expectStatus(200)
+ .expectHeaderContains('X-Content-Type-Options', 'nosniff')
  .toss();