fix(proxy): omit CSP report only header (#7936)
Co-authored-by: Jennifer Shehane <jennifer@cypress.io>
sdemjanenko and jennifer-shehane authored Sep 25, 2020
1 parent e9854c0 commit f4a6c80
Showing 2 changed files with 22 additions and 0 deletions.
1 change: 1 addition & 0 deletions packages/proxy/lib/http/response-middleware.ts
Expand Up @@ -300,6 +300,7 @@ const OmitProblematicHeaders: ResponseMiddleware = function () {
'x-frame-options',
'content-length',
'content-security-policy',
'content-security-policy-report-only',
'connection',
])
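
Review bot: The new 'content-security-policy-report-only' entry sits next to 'content-security-policy' with no comment saying why it is dropped, and the two headers behave differently: a report-only policy blocks nothing and only triggers violation reports. Add a one-line comment above the entry giving the reason for omitting it (referencing #7936), and mention in the user-facing docs that pages served through the proxy carry neither CSP header, so a test run will not surface CSP violations the site would hit in production.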

21 changes: 21 additions & 0 deletions packages/server/test/integration/http_requests_spec.js
Expand Up @@ -2014,6 +2014,27 @@ describe('Routes', () => {
})
})

it('omits content-security-policy-report-only', function () {
nock(this.server._remoteOrigin)
.get('/bar')
.reply(200, 'OK', {
'Content-Type': 'text/html',
'content-security-policy-report-only': 'foobar;',
})

return this.rp({
url: 'http://localhost:8080/bar',
headers: {
'Cookie': '__cypress.initial=false',
},
})
.then((res) => {
expect(res.statusCode).to.eq(200)

expect(res.headers).not.to.have.property('content-security-policy-report-only')
})
})

it('omits document-domain from Feature-Policy header', function () {
nock(this.server._remoteOrigin)
.get('/bar')
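
Review bot: The upstream reply in the new test uses 'foobar;' as the header value, which is not a policy, and the test sends the report-only header on its own. Use a realistic value such as "default-src 'self'; report-uri /csp-report" so the test documents what is being stripped, and add a case where the reply carries both 'content-security-policy' and 'content-security-policy-report-only', asserting that neither property is present on res.headers.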

4 comments on commit f4a6c80

@cypress-bot cypress-bot bot commented on f4a6c80 Sep 25, 2020

Circle has built the linux x64 version of the Test Runner.

Learn more about this pre-release platform-specific build at https://on.cypress.io/installing-cypress#Install-pre-release-version.

Run this command to install the pre-release locally:

npm install https://cdn.cypress.io/beta/npm/4.3.0/circle-develop-f4a6c80966061e638aa6b2a0346d660301bd4c5f/cypress.tgz

@cypress-bot cypress-bot bot commented on f4a6c80 Sep 25, 2020

AppVeyor has built the win32 x64 version of the Test Runner.

Learn more about this pre-release platform-specific build at https://on.cypress.io/installing-cypress#Install-pre-release-version.

Run this command to install the pre-release locally:

npm install https://cdn.cypress.io/beta/npm/5.3.0/appveyor-develop-f4a6c80966061e638aa6b2a0346d660301bd4c5f/cypress.tgz

@cypress-bot cypress-bot bot commented on f4a6c80 Sep 25, 2020

AppVeyor has built the win32 ia32 version of the Test Runner.

Learn more about this pre-release platform-specific build at https://on.cypress.io/installing-cypress#Install-pre-release-version.

Run this command to install the pre-release locally:

npm install https://cdn.cypress.io/beta/npm/5.3.0/appveyor-develop-f4a6c80966061e638aa6b2a0346d660301bd4c5f/cypress.tgz

@cypress-bot cypress-bot bot commented on f4a6c80 Sep 25, 2020

Circle has built the darwin x64 version of the Test Runner.

Learn more about this pre-release platform-specific build at https://on.cypress.io/installing-cypress#Install-pre-release-version.

Run this command to install the pre-release locally:

npm install https://cdn.cypress.io/beta/npm/4.3.0/circle-develop-f4a6c80966061e638aa6b2a0346d660301bd4c5f/cypress.tgz
