Disable GA and Disqus in default CSP

Signed-off-by: David Mehren <git@herrmehren.de>
2025-05-12 22:26:08 -04:00 · 2021-06-07 20:06:44 +02:00 · 2021-06-07 20:06:44 +02:00 · 52231f688d
commit 52231f688d
parent 5aeb7f4d0f
2 changed files with 24 additions and 2 deletions
--- a/test/csp.js
+++ b/test/csp.js
@ -68,6 +68,15 @@ describe('Content security policies', function () {
    assert(!csp.computeDirectives().scriptSrc.includes('https://www.google-analytics.com'))
  })

+  it('Enable Google Analytics', function () {
+    const testconfig = defaultConfig
+    testconfig.csp.addGoogleAnalytics = true
+    mock('../lib/config', testconfig)
+    csp = mock.reRequire('../lib/csp')
+
+    assert(csp.computeDirectives().scriptSrc.includes('https://www.google-analytics.com'))
+  })
+
  it('Disable Disqus', function () {
    const testconfig = defaultConfig
    testconfig.csp.addDisqus = false
@ -81,6 +90,19 @@ describe('Content security policies', function () {
    assert(!csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
  })

+  it('Enable Disqus', function () {
+    const testconfig = defaultConfig
+    testconfig.csp.addDisqus = true
+    mock('../lib/config', testconfig)
+    csp = mock.reRequire('../lib/csp')
+
+    assert(csp.computeDirectives().scriptSrc.includes('https://disqus.com'))
+    assert(csp.computeDirectives().scriptSrc.includes('https://*.disqus.com'))
+    assert(csp.computeDirectives().scriptSrc.includes('https://*.disquscdn.com'))
+    assert(csp.computeDirectives().styleSrc.includes('https://*.disquscdn.com'))
+    assert(csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
+  })
+
  it('Include dropbox if configured', function () {
    const testconfig = defaultConfig
    testconfig.dropbox.appKey = 'hedgedoc'