/**
* Custom assertions and validation helpers
*/
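/**
 * Check a response for a fixed list of security-related headers.
 *
 * A header counts as present only when it is set to a non-empty value; a
 * header sent with a blank value gives the browser nothing to enforce and is
 * reported as missing. Beyond that, values are not evaluated: a permissive
 * Content-Security-Policy or a very short HSTS max-age still passes, so a
 * `passed: true` result means "headers are set", not "policy is strong".
 *
 * @param {Response} response - Response to validate
 * @returns {{passed: boolean, missing: string[], present: string[]}}
 *   `present` and `missing` list header names in the order they are checked;
 *   `passed` is true only when `missing` is empty.
 */
export function validateSecurityHeaders(response) {
  // NOTE(review): X-XSS-Protection is a legacy header that current browsers
  // no longer act on, and X-Content-Type-Options is not checked here. The
  // list is left as-is so existing callers keep the same contract.
  const requiredHeaders = [
    'Strict-Transport-Security',
    'X-Frame-Options',
    'X-XSS-Protection',
    'Content-Security-Policy',
    'Referrer-Policy',
  ];

  const results = {
    passed: true,
    /** @type {string[]} */
    missing: [],
    /** @type {string[]} */
    present: [],
  };

  for (const header of requiredHeaders) {
    // Headers.get() returns null when the header is absent; lookup is
    // case-insensitive, matching the original has() check.
    const value = response.headers.get(header);
    if (value !== null && value.trim() !== '') {
      results.present.push(header);
    } else {
      results.missing.push(header);
      results.passed = false;
    }
  }

  return results;
}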
/**
 * Report whether a string parses as an absolute URL.
 *
 * This is a syntax check only. Any scheme the WHATWG URL parser accepts is
 * considered valid, including `javascript:`, `data:` and `file:`, and no host
 * restriction is applied. Callers that go on to fetch, redirect to, or render
 * the URL need their own scheme and host allow-list.
 *
 * @param {string} url - URL to validate
 * @returns {boolean} True if `new URL(url)` succeeds, false if it throws
 */
export function isValidUrl(url) {
  let parses = true;
  try {
    // Constructed purely for its validation side effect; the instance is discarded.
    void new URL(url);
  } catch {
    parses = false;
  }
  return parses;
}
/**
 * Boolean shortcut over validateSecurityHeaders().
 *
 * Returns only the `passed` flag and drops the per-header detail; call
 * validateSecurityHeaders() directly when a test needs to report which
 * headers were missing.
 *
 * @param {Response} response - Response to check
 * @returns {boolean} True if validateSecurityHeaders() reports no missing headers
 */
export function hasSecurityHeaders(response) {
  const { passed } = validateSecurityHeaders(response);
  return passed;
}