jprdonnelly/freeCodeCamp
1
0
Fork 0
mirror of https://github.com/freeCodeCamp/freeCodeCamp.git synced 2026-01-14 12:09:12 -05:00
Code Issues Projects Releases Wiki Activity
Files
340b01ac95368d1543e7e04fb78602f010823563
freeCodeCamp/api/src/server.test.ts
Oliver Eyton-Williams c2cb818f87 chore(api): add test utilities (#50289)
2023-05-09 11:15:54 +05:30

94 lines
3.1 KiB
TypeScript
Raw Blame History

import { setupServer, superRequest } from '../jest.utils';
import { HOME_LOCATION } from './utils/env';
jest.mock('./utils/env', () => {
// eslint-disable-next-line @typescript-eslint/no-unsafe-return
return {
...jest.requireActual('./utils/env'),
// eslint-disable-next-line @typescript-eslint/naming-convention
FREECODECAMP_NODE_ENV: 'production'
};
});
describe('production', () => {
setupServer();
describe('GET /', () => {
test('have a 200 response', async () => {
const res = await superRequest('/', { method: 'GET' });
expect(res.statusCode).toBe(200);
});
test('return { "hello": "world"}', async () => {
const res = await superRequest('/', { method: 'GET' });
expect(res.body).toEqual({ hello: 'world' });
});
test('should have OWASP recommended headers', async () => {
const res = await superRequest('/', { method: 'GET' });
expect(res.headers).toMatchObject({
'cache-control': 'no-store',
'content-security-policy': "frame-ancestors 'none'",
'content-type': 'application/json; charset=utf-8',
'x-content-type-options': 'nosniff',
'x-frame-options': 'DENY',
'strict-transport-security': 'max-age=300; includeSubDomains'
});
});
test.each([
'https://www.freecodecamp.org',
'https://www.freecodecamp.dev',
'https://beta.freecodecamp.org',
'https://beta.freecodecamp.dev',
'https://chinese.freecodecamp.org',
'https://chinese.freecodecamp.dev'
])(
'should have Access-Control-Allow-Origin header for %s',
async origin => {
const res = await superRequest('/', { method: 'GET' }).set(
'origin',
origin
);
expect(res.headers).toMatchObject({
'access-control-allow-origin': origin
});
}
);
test('should have HOME_LOCATION Access-Control-Allow-Origin header for other origins', async () => {
const res = await superRequest('/', { method: 'GET' }).set(
'origin',
'https://www.google.com'
);
expect(res.headers).toMatchObject({
'access-control-allow-origin': HOME_LOCATION
});
});
test('should have Access-Control-Allow-(Headers+Credentials) headers', async () => {
const res = await superRequest('/', { method: 'GET' });
expect(res.headers).toMatchObject({
'access-control-allow-headers':
'Origin, X-Requested-With, Content-Type, Accept',
'access-control-allow-credentials': 'true'
});
});
});
describe('GET /documentation', () => {
test('should have OWASP recommended headers, except content-type', async () => {
const res = await superRequest('/documentation/static/index.html', {
method: 'GET'
});
expect(res.headers).toMatchObject({
'cache-control': 'no-store',
'content-security-policy': "frame-ancestors 'none'",
'content-type': 'text/html; charset=utf-8',
'x-content-type-options': 'nosniff',
'x-frame-options': 'DENY',
'strict-transport-security': 'max-age=300; includeSubDomains'
});
});
});
});
Reference in New Issue View Git Blame Copy Permalink