Simplified and fixed test for COEP header value validity
GaProgMan committed Dec 31, 2024
1 parent d1fb5a5 commit 7491a0b
Showing 3 changed files with 56 additions and 1 deletion.
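--- a/src/Models/CrossOriginEmbedderPolicy.cs
+++ b/src/Models/CrossOriginEmbedderPolicy.cs
@@ -70,4 +70,28 @@ public string BuildHeaderValue()
 return RequireCorp;
 }
 }
+
+/// <summary>
+/// Used to calculate whether the current header value is valid
+/// </summary>
+/// <param name="useCrossOriginResourcePolicy">
+/// Whether the CORP header is included in the outer setup
+/// </param>
+/// <remarks>
+/// The value for this header is only invalid if the CORP (Cross-Origin-Resource-Policy) header
+/// is enabled and the current value for the COEP (Cross-Origin-Embedder-Policy) hedaer is set to
+/// <see cref="RequireCorp"/>
+/// </remarks>
+public bool HeaderValueIsValid(bool useCrossOriginResourcePolicy)
+{
+if (OptionValue == CrossOriginEmbedderOptions.RequireCorp)
+{
+if (!useCrossOriginResourcePolicy)
+{
+return false;
+}
+}
+
+return true;
+}
 }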
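Review bot: The `<remarks>` on HeaderValueIsValid state the opposite of what the method does: the body returns false when OptionValue is RequireCorp and useCrossOriginResourcePolicy is false, whereas the text says the value is invalid when CORP "is enabled". The sentence should read `/// is not enabled and the current value for the COEP (Cross-Origin-Embedder-Policy) header is set to` (which also fixes the "hedaer" typo), since a maintainer who trusts the current wording could invert the check. The nested ifs can also collapse to `return OptionValue != CrossOriginEmbedderOptions.RequireCorp || useCrossOriginResourcePolicy;`. The enum's other members are not visible in this hunk, so confirm that every value besides RequireCorp is really meant to pass without CORP.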
2 changes: 1 addition & 1 deletion src/SecureHeadersMiddleware.cs
Expand Up @@ -134,7 +134,7 @@ private FrozenDictionary<string, string> GenerateRelevantHeaders()

if (_config.UseCrossOriginEmbedderPolicy)
{
if (!_config.UseCrossOriginResourcePolicy)
if (!_config.CrossOriginEmbedderPolicy.HeaderValueIsValid(_config.UseCrossOriginResourcePolicy))
{
BoolValueGuardClauses.MustBeTrue(_config.UseCrossOriginResourcePolicy, nameof(_config.UseCrossOriginResourcePolicy));
}
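Review bot: Inside the new `if`, `BoolValueGuardClauses.MustBeTrue(_config.UseCrossOriginResourcePolicy, ...)` is now reached only when HeaderValueIsValid returned false, which by the method added in this commit means the flag is already false, so the guard acts purely as an indirect throw. Whatever it raises will presumably name only UseCrossOriginResourcePolicy and not say that the conflict is COEP require-corp being configured without CORP; a comment such as `// COEP require-corp is only accepted together with CORP; fail on the misconfiguration` above the call, or a dedicated exception message, would make the failure diagnosable. `_config.CrossOriginEmbedderPolicy` is dereferenced here without a visible null check, so confirm that it is always set when UseCrossOriginEmbedderPolicy is true. GenerateRelevantHeaders begins and ends outside this hunk.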
Expand Up @@ -135,5 +135,36 @@ public async Task When_UseCrossOriginEmbedderPolicyNotCalled_Header_Not_Present(
Assert.False(headerNotPresentConfig.UseCrossOriginEmbedderPolicy);
Assert.False(_context.Response.Headers.ContainsKey(Constants.CrossOriginEmbedderPolicyHeaderName));
}

[Theory]
[InlineData(CrossOriginEmbedderPolicy.CrossOriginEmbedderOptions.RequireCorp)]
[InlineData(CrossOriginEmbedderPolicy.CrossOriginEmbedderOptions.UnsafeNone)]
public void CrossOriginEmbedderPolicy_HeaderValueIsValid_Returns_True_When_HeaderIsValid(CrossOriginEmbedderPolicy.CrossOriginEmbedderOptions headerValue)
{
// Arrange
var header = new CrossOriginEmbedderPolicy(headerValue);
const bool useCorp = true;

// Act
var valid = header.HeaderValueIsValid(useCorp);

// Assert
Assert.True(valid);
}

[Fact]
public void CrossOriginEmbedderPolicy_HeaderValueIsValid_Returns_False_When_HeaderIsInvalid()
{
// Arrange
var header = new CrossOriginEmbedderPolicy(CrossOriginEmbedderPolicy.CrossOriginEmbedderOptions.RequireCorp);
var useCorp = false;

// Act
var valid = header.HeaderValueIsValid(useCorp);

// Assert
Assert.False(valid);
}

}
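Review bot: The new tests never call HeaderValueIsValid with UnsafeNone and CORP disabled, which is the one combination whose outcome this commit changes in the middleware (the old `if (!_config.UseCrossOriginResourcePolicy)` presumably rejected it, the new check lets it through). Making the theory take the flag as a second parameter and adding `[InlineData(CrossOriginEmbedderPolicy.CrossOriginEmbedderOptions.UnsafeNone, false)]` would pin that case. A middleware-level test that require-corp without CORP still fails, and that unsafe-none without CORP emits the header, would guard the security-relevant wiring rather than only the model method. The test class begins outside this hunk.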
