https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38365
--- Comment #235 from Lari Taskula <[email protected]> --- Thanks Jonathan for taking a look at this :) (In reply to Jonathan Druart from comment #234) > (In reply to Jonathan Druart from comment #232) > > 3. Is there a good reason to use Plack::Test in > > t/db_dependent/Koha/Middleware/ContentSecurityPolicy.t? IMO we should have a > > Cypress test. > > Oh, it won't work with Cypress because you want to mock the config. I was initially looking for a way to test the feature without actually enabling the CSP middleware outside of this test. The initial plan was to enable CSP for OPAC alone. As this Bug evolved we are now activating the middleware in both interfaces (although not yet enabling the feature of course). As for why not cypress tests in particular, I have simply not written them before and am not aware of its limitations. As long as we can test this with different configurations coming namely from KOHA_CONF, I'm not demanding to use any particular testing framework. I can see cypress tests being very useful for verifying the absence of CSP errors on various different pages in Koha. > 13. I didn't manage to see something in the violation logs. I enabled > dom.reporting.* in about:config, what else is needed? Is that Firefox? Firefox only supports report-uri (not report-to + Reporting-Endpoints response header) so first make sure that report-uri is defined in your KOHA_CONF. Also https should be enabled for the browsers to become willing to send reports. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
