fix(security): add nonce-uniqueness test and fix caller indentation

This commit is contained in:
2026-07-08 13:57:28 +02:00
parent 284e685ed3
commit 1a807cfeb4
2 changed files with 14 additions and 1 deletions
+13
View File
@@ -51,6 +51,19 @@ def test_root_serves_csp_with_nonce():
nonce = match.group(1)
assert f'nonce="{nonce}"' in body
def test_root_csp_nonce_is_unique_per_request():
"""Test that each GET / response gets a fresh CSP nonce (not module-level/static)."""
import re
n1 = re.search(
r"nonce-([A-Za-z0-9_-]+)",
client.get("/").headers.get("content-security-policy", ""),
).group(1)
n2 = re.search(
r"nonce-([A-Za-z0-9_-]+)",
client.get("/").headers.get("content-security-policy", ""),
).group(1)
assert n1 != n2
@patch('main.verify_token')
def test_validate_token_success(mock_verify_token):
"""Test successful token validation."""