eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-25 17:14:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

test: cover runtime env guardrails (#1650)

Browse Source 
* fix(data): restore bootstrap and cache test coverage

* test: cover runtime env guardrails

* fix(test): align security header tests with current vercel.json

Update catch-all source pattern, geolocation policy value, and
picture-in-picture origins to match current production config.
This commit is contained in:
Elie Habib
2026-03-15 16:54:42 +04:00
committed by GitHub
parent d6f7df9746
commit bcccb3fb9c
6 changed files with 80 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tests/deploy-config.test.mjs
View File

@@ -63,7 +63,7 @@ describe('deploy/cache configuration guardrails', () => {
});
const getSecurityHeaders = () => {
const rule = vercelConfig.headers.find((entry) => entry.source === '/((?!docs).*)');
const rule = vercelConfig.headers.find((entry) => entry.source === '/(.*)');
return rule?.headers ?? [];
};
@@ -93,7 +93,7 @@ describe('security header guardrails', () => {
const expectedDisabled = [
'camera=()',
'microphone=()',
'geolocation=(self)',
'geolocation=()',
'accelerometer=()',
'bluetooth=()',
'display-capture=()',
@@ -123,11 +123,11 @@ describe('security header guardrails', () => {
`Permissions-Policy should delegate ${api} to YouTube origins`
);
}
// picture-in-picture also includes Cloudflare challenges
// picture-in-picture delegates to self + YouTube
assert.match(
policy,
/picture-in-picture=\(self "https:\/\/www\.youtube\.com" "https:\/\/www\.youtube-nocookie\.com" "https:\/\/challenges\.cloudflare\.com"\)/,
'Permissions-Policy should delegate picture-in-picture to YouTube + Cloudflare origins'
/picture-in-picture=\(self "https:\/\/www\.youtube\.com" "https:\/\/www\.youtube-nocookie\.com"\)/,
'Permissions-Policy should delegate picture-in-picture to YouTube origins'
);
});