summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli/test_vpn_openconnect.py
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-12-16 17:30:32 +0200
committerGitHub <noreply@github.com>2023-12-16 17:30:32 +0200
commitd5375ce02376a91c07ec68f8d410a08dcdc57ef9 (patch)
tree50338dd2a1843e4ad58b634c195b3239e37c6e98 /smoketest/scripts/cli/test_vpn_openconnect.py
parent9afd896937ba25dcbc03c6b217e08fcd80494c08 (diff)
parent1d6ba2cd7ceccb85803bbb575c4f344d63a0fa4f (diff)
downloadvyos-1x-d5375ce02376a91c07ec68f8d410a08dcdc57ef9.tar.gz
vyos-1x-d5375ce02376a91c07ec68f8d410a08dcdc57ef9.zip
Merge pull request #2645 from vyos/mergify/bp/sagitta/pr-2644
ocserv: T5796: add CLI knob "http-security-headers" (backport #2644)
Diffstat (limited to 'smoketest/scripts/cli/test_vpn_openconnect.py')
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_openconnect.py21
1 files changed, 21 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 04abeb1aa..c4502fada 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -141,5 +141,26 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
otp_config = read_file(otp_file)
self.assertIn(f'HOTP/T30/6 {user} - {otp}', otp_config)
+
+ # Verify HTTP security headers
+ self.cli_set(base_path + ['http-security-headers'])
+ self.cli_commit()
+
+ daemon_config = read_file(config_file)
+
+ self.assertIn('included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains', daemon_config)
+ self.assertIn('included-http-headers = X-Frame-Options: deny', daemon_config)
+ self.assertIn('included-http-headers = X-Content-Type-Options: nosniff', daemon_config)
+ self.assertIn('included-http-headers = Content-Security-Policy: default-src "none"', daemon_config)
+ self.assertIn('included-http-headers = X-Permitted-Cross-Domain-Policies: none', daemon_config)
+ self.assertIn('included-http-headers = Referrer-Policy: no-referrer', daemon_config)
+ self.assertIn('included-http-headers = Clear-Site-Data: "cache","cookies","storage"', daemon_config)
+ self.assertIn('included-http-headers = Cross-Origin-Embedder-Policy: require-corp', daemon_config)
+ self.assertIn('included-http-headers = Cross-Origin-Opener-Policy: same-origin', daemon_config)
+ self.assertIn('included-http-headers = Cross-Origin-Resource-Policy: same-origin', daemon_config)
+ self.assertIn('included-http-headers = X-XSS-Protection: 0', daemon_config)
+ self.assertIn('included-http-headers = Pragma: no-cache', daemon_config)
+ self.assertIn('included-http-headers = Cache-control: no-store, no-cache', daemon_config)
+
if __name__ == '__main__':
unittest.main(verbosity=2)