Add spec for Content-Security-Policy: frame-src

Author: snuggs

middleware/policy.es

@@ -3,12 +3,17 @@ const
   // `default-src 'self' https://${domain};`
     = [`'none'`]
 
+, frames
+  // `frame-src 'self' https://${domain};`
+    = [`'none'`]
+
 , styles
   // `style-src 'self' 'unsafe-inline' https://cdn.example.com
     = [`'none'`]
 
 , policies = [
   , `default-src ${ defaults.join ` ` };`
+  , `frame-src ${ frames.join ` ` };`
   , `style-src ${ styles.join ` ` };`
   ]
 

middleware/policy.test

@@ -27,12 +27,26 @@ test ("Content-Security-Policy: default-src 'none'", async t => {
 })
 
 
-test ("Content-Security-Policy: frame-src 'self'")
+test.only ("Content-Security-Policy: frame-src 'self'", async t => {
+
+  const
+    server   = (new Server).serve ``
+  , response = await fetch ('http://localhost:8181/')
+  , policy   = response.headers.get ('content-security-policy')
+
+
+  t.ok ( policy.includes `frame-src 'none'` )
+
+  server.close ``
+  t.end ()
+})
+
+
 test ("Content-Security-Policy: connect-src 'self'")
 test ("Content-Security-Policy: img-src 'self' https://cdn.example.com")
 
 
-test.only ("Content-Security-Policy: style-src 'none'", async t => {
+test ("Content-Security-Policy: style-src 'none'", async t => {
 
   const
     server   = (new Server).serve ``