fix(security): add nonce-uniqueness test and fix caller indentation
This commit is contained in:
@@ -51,6 +51,19 @@ def test_root_serves_csp_with_nonce():
|
|||||||
nonce = match.group(1)
|
nonce = match.group(1)
|
||||||
assert f'nonce="{nonce}"' in body
|
assert f'nonce="{nonce}"' in body
|
||||||
|
|
||||||
|
def test_root_csp_nonce_is_unique_per_request():
|
||||||
|
"""Test that each GET / response gets a fresh CSP nonce (not module-level/static)."""
|
||||||
|
import re
|
||||||
|
n1 = re.search(
|
||||||
|
r"nonce-([A-Za-z0-9_-]+)",
|
||||||
|
client.get("/").headers.get("content-security-policy", ""),
|
||||||
|
).group(1)
|
||||||
|
n2 = re.search(
|
||||||
|
r"nonce-([A-Za-z0-9_-]+)",
|
||||||
|
client.get("/").headers.get("content-security-policy", ""),
|
||||||
|
).group(1)
|
||||||
|
assert n1 != n2
|
||||||
|
|
||||||
@patch('main.verify_token')
|
@patch('main.verify_token')
|
||||||
def test_validate_token_success(mock_verify_token):
|
def test_validate_token_success(mock_verify_token):
|
||||||
"""Test successful token validation."""
|
"""Test successful token validation."""
|
||||||
|
|||||||
Reference in New Issue
Block a user