secure_headers 7.0.0 → 7.1.0

data/spec/lib/secure_headers/configuration_spec.rb

@@ -1,121 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-
-module SecureHeaders
-  describe Configuration do
-    before(:each) do
-      reset_config
-    end
-
-    it "has a default config" do
-      expect(Configuration.default).to_not be_nil
-    end
-
-    it "has an 'noop' override" do
-      Configuration.default
-      expect(Configuration.overrides(Configuration::NOOP_OVERRIDE)).to_not be_nil
-    end
-
-    it "dup results in a copy of the default config" do
-      Configuration.default
-      original_configuration = Configuration.send(:default_config)
-      configuration = Configuration.dup
-      expect(original_configuration).not_to be(configuration)
-      Configuration::CONFIG_ATTRIBUTES.each do |attr|
-        expect(original_configuration.send(attr)).to eq(configuration.send(attr))
-      end
-    end
-
-    it "stores an override" do
-      Configuration.override(:test_override) do |config|
-        config.x_frame_options = "DENY"
-      end
-
-      expect(Configuration.overrides(:test_override)).to_not be_nil
-    end
-
-    describe "#override" do
-      it "raises on configuring an existing override" do
-        set_override = Proc.new {
-          Configuration.override(:test_override) do |config|
-            config.x_frame_options = "DENY"
-          end
-        }
-
-        set_override.call
-
-        expect { set_override.call }
-          .to raise_error(Configuration::AlreadyConfiguredError, "Configuration already exists")
-      end
-
-      it "raises when a named append with the given name exists" do
-        Configuration.named_append(:test_override) do |config|
-          config.x_frame_options = "DENY"
-        end
-
-        expect do
-          Configuration.override(:test_override) do |config|
-            config.x_frame_options = "SAMEORIGIN"
-          end
-        end.to raise_error(Configuration::AlreadyConfiguredError, "Configuration already exists")
-      end
-    end
-
-    describe "#named_append" do
-      it "raises on configuring an existing append" do
-        set_override = Proc.new {
-          Configuration.named_append(:test_override) do |config|
-            config.x_frame_options = "DENY"
-          end
-        }
-
-        set_override.call
-
-        expect { set_override.call }
-          .to raise_error(Configuration::AlreadyConfiguredError, "Configuration already exists")
-      end
-
-      it "raises when an override with the given name exists" do
-        Configuration.override(:test_override) do |config|
-          config.x_frame_options = "DENY"
-        end
-
-        expect do
-          Configuration.named_append(:test_override) do |config|
-            config.x_frame_options = "SAMEORIGIN"
-          end
-        end.to raise_error(Configuration::AlreadyConfiguredError, "Configuration already exists")
-      end
-    end
-
-    it "deprecates the secure_cookies configuration" do
-      expect {
-        Configuration.default do |config|
-          config.secure_cookies = true
-        end
-      }.to raise_error(ArgumentError)
-    end
-
-    it "gives cookies a default config" do
-      expect(Configuration.default.cookies).to eq({httponly: true, secure: true, samesite: {lax: true}})
-    end
-
-    it "allows OPT_OUT" do
-      Configuration.default do |config|
-        config.cookies = OPT_OUT
-      end
-
-      config = Configuration.dup
-      expect(config.cookies).to eq(OPT_OUT)
-    end
-
-    it "allows me to be explicit too" do
-      Configuration.default do |config|
-        config.cookies = {httponly: true, secure: true, samesite: {lax: false}}
-      end
-
-      config = Configuration.dup
-      expect(config.cookies).to eq({httponly: true, secure: true, samesite: {lax: false}})
-    end
-  end
-end

data/spec/lib/secure_headers/headers/clear_site_data_spec.rb

@@ -1,87 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-
-module SecureHeaders
-  describe ClearSiteData do
-    describe "make_header" do
-      it "returns nil with nil config" do
-        expect(described_class.make_header).to be_nil
-      end
-
-      it "returns nil with empty config" do
-        expect(described_class.make_header([])).to be_nil
-      end
-
-      it "returns nil with opt-out config" do
-        expect(described_class.make_header(OPT_OUT)).to be_nil
-      end
-
-      it "returns all types with `true` config" do
-        name, value = described_class.make_header(true)
-
-        expect(name).to eq(ClearSiteData::HEADER_NAME)
-        expect(value).to eq(
-          %("cache", "cookies", "storage", "executionContexts")
-        )
-      end
-
-      it "returns specified types" do
-        name, value = described_class.make_header(["foo", "bar"])
-
-        expect(name).to eq(ClearSiteData::HEADER_NAME)
-        expect(value).to eq(%("foo", "bar"))
-      end
-    end
-
-    describe "validate_config!" do
-      it "succeeds for `true` config" do
-        expect do
-          described_class.validate_config!(true)
-        end.not_to raise_error
-      end
-
-      it "succeeds for `nil` config" do
-        expect do
-          described_class.validate_config!(nil)
-        end.not_to raise_error
-      end
-
-      it "succeeds for opt-out config" do
-        expect do
-          described_class.validate_config!(OPT_OUT)
-        end.not_to raise_error
-      end
-
-      it "succeeds for empty config" do
-        expect do
-          described_class.validate_config!([])
-        end.not_to raise_error
-      end
-
-      it "succeeds for Array of Strings config" do
-        expect do
-          described_class.validate_config!(["foo"])
-        end.not_to raise_error
-      end
-
-      it "fails for Array of non-String config" do
-        expect do
-          described_class.validate_config!([1])
-        end.to raise_error(ClearSiteDataConfigError)
-      end
-
-      it "fails for other types of config" do
-        expect do
-          described_class.validate_config!(:cookies)
-        end.to raise_error(ClearSiteDataConfigError)
-      end
-    end
-
-    describe "make_header_value" do
-      it "returns a string of quoted values that are comma separated" do
-        value = described_class.make_header_value(["foo", "bar"])
-        expect(value).to eq(%("foo", "bar"))
-      end
-    end
-  end
-end

data/spec/lib/secure_headers/headers/content_security_policy_spec.rb

@@ -1,215 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-
-module SecureHeaders
-  describe ContentSecurityPolicy do
-    let (:default_opts) do
-      {
-        default_src: %w(https:),
-        img_src: %w(https: data:),
-        script_src: %w('unsafe-inline' 'unsafe-eval' https: data:),
-        style_src: %w('unsafe-inline' https: about:),
-        report_uri: %w(/csp_report)
-      }
-    end
-
-    describe "#name" do
-      context "when in report-only mode" do
-        specify { expect(ContentSecurityPolicy.new(default_opts.merge(report_only: true)).name).to eq(ContentSecurityPolicyReportOnlyConfig::HEADER_NAME) }
-      end
-
-      context "when in enforce mode" do
-        specify { expect(ContentSecurityPolicy.new(default_opts).name).to eq(ContentSecurityPolicyConfig::HEADER_NAME) }
-      end
-    end
-
-    describe "#value" do
-      it "uses a safe but non-breaking default value" do
-        expect(ContentSecurityPolicy.new.value).to eq("default-src https:; form-action 'self'; img-src https: data: 'self'; object-src 'none'; script-src https:; style-src 'self' 'unsafe-inline' https:")
-      end
-
-      it "deprecates and escapes semicolons in directive source lists" do
-        expect(Kernel).to receive(:warn).with(%(frame_ancestors contains a ; in "google.com;script-src *;.;" which will raise an error in future versions. It has been replaced with a blank space.))
-        expect(ContentSecurityPolicy.new(frame_ancestors: %w(https://google.com;script-src https://*;.;)).value).to eq("frame-ancestors google.com script-src * .")
-      end
-
-      it "deprecates and escapes semicolons in directive source lists" do
-        expect(Kernel).to receive(:warn).with(%(frame_ancestors contains a \n in "\\nfoo.com\\nhacked" which will raise an error in future versions. It has been replaced with a blank space.))
-        expect(ContentSecurityPolicy.new(frame_ancestors: ["\nfoo.com\nhacked"]).value).to eq("frame-ancestors  foo.com hacked")
-      end
-
-      it "discards 'none' values if any other source expressions are present" do
-        csp = ContentSecurityPolicy.new(default_opts.merge(child_src: %w('self' 'none')))
-        expect(csp.value).not_to include("'none'")
-      end
-
-      it "discards source expressions (besides unsafe-* and non-host source values) when * is present" do
-        csp = ContentSecurityPolicy.new(default_src: %w(* 'unsafe-inline' 'unsafe-eval' http: https: example.org data: blob:))
-        expect(csp.value).to eq("default-src * 'unsafe-inline' 'unsafe-eval' data: blob:")
-      end
-
-      it "does not minify source expressions based on overlapping wildcards" do
-        config = {
-          default_src: %w(a.example.org b.example.org *.example.org https://*.example.org)
-        }
-        csp = ContentSecurityPolicy.new(config)
-        expect(csp.value).to eq("default-src a.example.org b.example.org *.example.org")
-      end
-
-      it "removes http/s schemes from hosts" do
-        csp = ContentSecurityPolicy.new(default_src: %w(https://example.org))
-        expect(csp.value).to eq("default-src example.org")
-      end
-
-      it "does not build directives with a value of OPT_OUT (and bypasses directive requirements)" do
-        csp = ContentSecurityPolicy.new(default_src: %w(https://example.org), script_src: OPT_OUT)
-        expect(csp.value).to eq("default-src example.org")
-      end
-
-      it "does not remove schemes from report-uri values" do
-        csp = ContentSecurityPolicy.new(default_src: %w(https:), report_uri: %w(https://example.org))
-        expect(csp.value).to eq("default-src https:; report-uri https://example.org")
-      end
-
-      it "does not remove schemes when :preserve_schemes is true" do
-        csp = ContentSecurityPolicy.new(default_src: %w(https://example.org), preserve_schemes: true)
-        expect(csp.value).to eq("default-src https://example.org")
-      end
-
-      it "removes nil from source lists" do
-        csp = ContentSecurityPolicy.new(default_src: ["https://example.org", nil])
-        expect(csp.value).to eq("default-src example.org")
-      end
-
-      it "does not add a directive if the value is an empty array (or all nil)" do
-        csp = ContentSecurityPolicy.new(default_src: ["https://example.org"], script_src: [nil])
-        expect(csp.value).to eq("default-src example.org")
-      end
-
-      it "does not add a directive if the value is nil" do
-        csp = ContentSecurityPolicy.new(default_src: ["https://example.org"], script_src: nil)
-        expect(csp.value).to eq("default-src example.org")
-      end
-
-      it "does add a boolean directive if the value is true" do
-        csp = ContentSecurityPolicy.new(default_src: ["https://example.org"], upgrade_insecure_requests: true)
-        expect(csp.value).to eq("default-src example.org; upgrade-insecure-requests")
-      end
-
-      it "does not add a boolean directive if the value is false" do
-        csp = ContentSecurityPolicy.new(default_src: ["https://example.org"], upgrade_insecure_requests: false)
-        expect(csp.value).to eq("default-src example.org")
-      end
-
-      it "handles wildcard subdomain with wildcard port" do
-        csp = ContentSecurityPolicy.new(default_src: %w(https://*.example.org:*))
-        expect(csp.value).to eq("default-src *.example.org:*")
-      end
-
-      it "deduplicates source expressions that match exactly (after scheme stripping)" do
-        csp = ContentSecurityPolicy.new(default_src: %w(example.org https://example.org example.org))
-        expect(csp.value).to eq("default-src example.org")
-      end
-
-      it "does not deduplicate non-matching schema source expressions" do
-        csp = ContentSecurityPolicy.new(default_src: %w(*.example.org wss://example.example.org))
-        expect(csp.value).to eq("default-src *.example.org wss://example.example.org")
-      end
-
-      it "creates maximally strict sandbox policy when passed no sandbox token values" do
-        csp = ContentSecurityPolicy.new(default_src: %w(example.org), sandbox: [])
-        expect(csp.value).to eq("default-src example.org; sandbox")
-      end
-
-      it "creates maximally strict sandbox policy when passed true" do
-        csp = ContentSecurityPolicy.new(default_src: %w(example.org), sandbox: true)
-        expect(csp.value).to eq("default-src example.org; sandbox")
-      end
-
-      it "creates sandbox policy when passed valid sandbox token values" do
-        csp = ContentSecurityPolicy.new(default_src: %w(example.org), sandbox: %w(allow-forms allow-scripts))
-        expect(csp.value).to eq("default-src example.org; sandbox allow-forms allow-scripts")
-      end
-
-      it "does not emit a warning when using frame-src" do
-        expect(Kernel).to_not receive(:warn)
-        ContentSecurityPolicy.new(default_src: %w('self'), frame_src: %w('self')).value
-      end
-
-      it "allows script as a require-sri-src" do
-        csp = ContentSecurityPolicy.new(default_src: %w('self'), require_sri_for: %w(script))
-        expect(csp.value).to eq("default-src 'self'; require-sri-for script")
-      end
-
-      it "allows style as a require-sri-src" do
-        csp = ContentSecurityPolicy.new(default_src: %w('self'), require_sri_for: %w(style))
-        expect(csp.value).to eq("default-src 'self'; require-sri-for style")
-      end
-
-      it "allows script and style as a require-sri-src" do
-        csp = ContentSecurityPolicy.new(default_src: %w('self'), require_sri_for: %w(script style))
-        expect(csp.value).to eq("default-src 'self'; require-sri-for script style")
-      end
-
-      it "allows style as a require-trusted-types-for source" do
-        csp = ContentSecurityPolicy.new(default_src: %w('self'), require_trusted_types_for: %w(script))
-        expect(csp.value).to eq("default-src 'self'; require-trusted-types-for script")
-      end
-
-      it "includes prefetch-src" do
-        csp = ContentSecurityPolicy.new(default_src: %w('self'), prefetch_src: %w(foo.com))
-        expect(csp.value).to eq("default-src 'self'; prefetch-src foo.com")
-      end
-
-      it "includes navigate-to" do
-        csp = ContentSecurityPolicy.new(default_src: %w('self'), navigate_to: %w(foo.com))
-        expect(csp.value).to eq("default-src 'self'; navigate-to foo.com")
-      end
-
-      it "supports strict-dynamic" do
-        csp = ContentSecurityPolicy.new({default_src: %w('self'), script_src: [ContentSecurityPolicy::STRICT_DYNAMIC], script_nonce: 123456})
-        expect(csp.value).to eq("default-src 'self'; script-src 'strict-dynamic' 'nonce-123456' 'unsafe-inline'")
-      end
-
-      it "supports strict-dynamic and opting out of the appended 'unsafe-inline'" do
-        csp = ContentSecurityPolicy.new({default_src: %w('self'), script_src: [ContentSecurityPolicy::STRICT_DYNAMIC], script_nonce: 123456, disable_nonce_backwards_compatibility: true })
-        expect(csp.value).to eq("default-src 'self'; script-src 'strict-dynamic' 'nonce-123456'")
-      end
-
-      it "supports script-src-elem directive" do
-        csp = ContentSecurityPolicy.new({script_src: %w('self'), script_src_elem: %w('self')})
-        expect(csp.value).to eq("script-src 'self'; script-src-elem 'self'")
-      end
-
-      it "supports script-src-attr directive" do
-        csp = ContentSecurityPolicy.new({script_src: %w('self'), script_src_attr: %w('self')})
-        expect(csp.value).to eq("script-src 'self'; script-src-attr 'self'")
-      end
-
-      it "supports style-src-elem directive" do
-        csp = ContentSecurityPolicy.new({style_src: %w('self'), style_src_elem: %w('self')})
-        expect(csp.value).to eq("style-src 'self'; style-src-elem 'self'")
-      end
-
-      it "supports style-src-attr directive" do
-        csp = ContentSecurityPolicy.new({style_src: %w('self'), style_src_attr: %w('self')})
-        expect(csp.value).to eq("style-src 'self'; style-src-attr 'self'")
-      end
-
-      it "supports trusted-types directive" do
-        csp = ContentSecurityPolicy.new({trusted_types: %w(blahblahpolicy)})
-        expect(csp.value).to eq("trusted-types blahblahpolicy")
-      end
-
-      it "supports trusted-types directive with 'none'" do
-        csp = ContentSecurityPolicy.new({trusted_types: %w('none')})
-        expect(csp.value).to eq("trusted-types 'none'")
-      end
-
-      it "allows duplicate policy names in trusted-types directive" do
-        csp = ContentSecurityPolicy.new({trusted_types: %w(blahblahpolicy 'allow-duplicates')})
-        expect(csp.value).to eq("trusted-types blahblahpolicy 'allow-duplicates'")
-      end
-    end
-  end
-end

data/spec/lib/secure_headers/headers/cookie_spec.rb

@@ -1,179 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-
-module SecureHeaders
-  describe Cookie do
-    let(:raw_cookie) { "_session=thisisatest" }
-
-    it "does not tamper with cookies when using OPT_OUT is used" do
-      cookie = Cookie.new(raw_cookie, OPT_OUT)
-      expect(cookie.to_s).to eq(raw_cookie)
-    end
-
-    it "applies httponly, secure, and samesite by default" do
-      cookie = Cookie.new(raw_cookie, nil)
-      expect(cookie.to_s).to eq("_session=thisisatest; secure; HttpOnly; SameSite=Lax")
-    end
-
-    it "preserves existing attributes" do
-      cookie = Cookie.new("_session=thisisatest; secure", secure: true, httponly: OPT_OUT, samesite: OPT_OUT)
-      expect(cookie.to_s).to eq("_session=thisisatest; secure")
-    end
-
-    it "prevents duplicate flagging of attributes" do
-      cookie = Cookie.new("_session=thisisatest; secure", secure: true, httponly: OPT_OUT)
-      expect(cookie.to_s.scan(/secure/i).count).to eq(1)
-    end
-
-    context "Secure cookies" do
-      context "when configured with a boolean" do
-        it "flags cookies as Secure" do
-          cookie = Cookie.new(raw_cookie, secure: true, httponly: OPT_OUT, samesite: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest; secure")
-        end
-      end
-
-      context "when configured with a Hash" do
-        it "flags cookies as Secure when whitelisted" do
-          cookie = Cookie.new(raw_cookie, secure: { only: ["_session"]}, httponly: OPT_OUT, samesite: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest; secure")
-        end
-
-        it "does not flag cookies as Secure when excluded" do
-          cookie = Cookie.new(raw_cookie, secure: { except: ["_session"] }, httponly: OPT_OUT, samesite: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest")
-        end
-      end
-    end
-
-    context "HttpOnly cookies" do
-      context "when configured with a boolean" do
-        it "flags cookies as HttpOnly" do
-          cookie = Cookie.new(raw_cookie, httponly: true, secure: OPT_OUT, samesite: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest; HttpOnly")
-        end
-      end
-
-      context "when configured with a Hash" do
-        it "flags cookies as HttpOnly when whitelisted" do
-          cookie = Cookie.new(raw_cookie, httponly: { only: ["_session"]}, secure: OPT_OUT, samesite: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest; HttpOnly")
-        end
-
-        it "does not flag cookies as HttpOnly when excluded" do
-          cookie = Cookie.new(raw_cookie, httponly: { except: ["_session"] }, secure: OPT_OUT, samesite: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest")
-        end
-      end
-    end
-
-    context "SameSite cookies" do
-      %w(None Lax Strict).each do |flag|
-        it "flags SameSite=#{flag}" do
-          cookie = Cookie.new(raw_cookie, samesite: { flag.downcase.to_sym => { only: ["_session"] } }, secure: OPT_OUT, httponly: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest; SameSite=#{flag}")
-        end
-
-        it "flags SameSite=#{flag} when configured with a boolean" do
-          cookie = Cookie.new(raw_cookie, samesite: { flag.downcase.to_sym => true}, secure: OPT_OUT, httponly: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest; SameSite=#{flag}")
-        end
-
-        it "does not flag cookies as SameSite=#{flag} when excluded" do
-          cookie = Cookie.new(raw_cookie, samesite: { flag.downcase.to_sym => { except: ["_session"] } }, secure: OPT_OUT, httponly: OPT_OUT)
-          expect(cookie.to_s).to eq("_session=thisisatest")
-        end
-      end
-
-      it "flags SameSite=Strict when configured with a boolean" do
-        cookie = Cookie.new(raw_cookie, {samesite: { strict: true}, secure: OPT_OUT, httponly: OPT_OUT})
-        expect(cookie.to_s).to eq("_session=thisisatest; SameSite=Strict")
-      end
-
-      it "flags properly when both lax and strict are configured" do
-        raw_cookie = "_session=thisisatest"
-        cookie = Cookie.new(raw_cookie, samesite: { strict: { only: ["_session"] }, lax: { only: ["_additional_session"] } }, secure: OPT_OUT, httponly: OPT_OUT)
-        expect(cookie.to_s).to eq("_session=thisisatest; SameSite=Strict")
-      end
-
-      it "ignores configuration if the cookie is already flagged" do
-        raw_cookie = "_session=thisisatest; SameSite=Strict"
-        cookie = Cookie.new(raw_cookie, samesite: { lax: true }, secure: OPT_OUT, httponly: OPT_OUT)
-        expect(cookie.to_s).to eq(raw_cookie)
-      end
-
-      it "samesite: true sets all cookies to samesite=lax" do
-        raw_cookie = "_session=thisisatest"
-        cookie = Cookie.new(raw_cookie, samesite: true, secure: OPT_OUT, httponly: OPT_OUT)
-        expect(cookie.to_s).to eq("_session=thisisatest; SameSite=Lax")
-      end
-    end
-  end
-
-  context "with an invalid configuration" do
-    it "raises an exception when not configured with a Hash" do
-      expect do
-        Cookie.validate_config!("configuration")
-      end.to raise_error(CookiesConfigError)
-    end
-
-    it "raises an exception when configured without a boolean(true or OPT_OUT)/Hash" do
-      expect do
-        Cookie.validate_config!(secure: "true")
-      end.to raise_error(CookiesConfigError)
-    end
-
-    it "raises an exception when configured with false" do
-      expect do
-        Cookie.validate_config!(secure: false)
-      end.to raise_error(CookiesConfigError)
-    end
-
-    it "raises an exception when both only and except filters are provided" do
-      expect do
-        Cookie.validate_config!(secure: { only: [], except: [] })
-      end.to raise_error(CookiesConfigError)
-    end
-
-    it "raises an exception when SameSite is not configured with a Hash" do
-      expect do
-        Cookie.validate_config!(samesite: true)
-      end.to raise_error(CookiesConfigError)
-    end
-
-    cookie_options = %i(none lax strict)
-    cookie_options.each do |flag|
-      (cookie_options - [flag]).each do |other_flag|
-        it "raises an exception when SameSite #{flag} and #{other_flag} enforcement modes are configured with booleans" do
-          expect do
-            Cookie.validate_config!(samesite: { flag => true, other_flag => true})
-          end.to raise_error(CookiesConfigError)
-        end
-      end
-    end
-
-    it "raises an exception when SameSite lax and strict enforcement modes are configured with booleans" do
-      expect do
-        Cookie.validate_config!(samesite: { lax: true, strict: { only: ["_anything"] } })
-      end.to raise_error(CookiesConfigError)
-    end
-
-    it "raises an exception when both only and except filters are provided to SameSite configurations" do
-      expect do
-        Cookie.validate_config!(samesite: { lax: { only: ["_anything"], except: ["_anythingelse"] } })
-      end.to raise_error(CookiesConfigError)
-    end
-
-    it "raises an exception when both lax and strict only filters are provided to SameSite configurations" do
-      expect do
-        Cookie.validate_config!(samesite: { lax: { only: ["_anything"] }, strict: { only: ["_anything"] } })
-      end.to raise_error(CookiesConfigError)
-    end
-
-    it "raises an exception when both lax and strict only filters are provided to SameSite configurations" do
-      expect do
-        Cookie.validate_config!(samesite: { lax: { except: ["_anything"] }, strict: { except: ["_anything"] } })
-      end.to raise_error(CookiesConfigError)
-    end
-  end
-end

data/spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-
-module SecureHeaders
-  describe ExpectCertificateTransparency do
-    specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce, max-age=1234") }
-    specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: false).value).to eq("max-age=1234") }
-    specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: "yolocopter").value).to eq("max-age=1234") }
-    specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"") }
-    specify do
-      config = { enforce: true, max_age: 1234, report_uri: "https://report-uri.io/expect-ct" }
-      header_value = "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\""
-      expect(ExpectCertificateTransparency.new(config).value).to eq(header_value)
-    end
-
-    context "with an invalid configuration" do
-      it "raises an exception when configuration isn't a hash" do
-        expect do
-          ExpectCertificateTransparency.validate_config!(%w(a))
-        end.to raise_error(ExpectCertificateTransparencyConfigError)
-      end
-
-      it "raises an exception when max-age is not provided" do
-        expect do
-          ExpectCertificateTransparency.validate_config!(foo: "bar")
-        end.to raise_error(ExpectCertificateTransparencyConfigError)
-      end
-
-      it "raises an exception with an invalid max-age" do
-        expect do
-          ExpectCertificateTransparency.validate_config!(max_age: "abc123")
-        end.to raise_error(ExpectCertificateTransparencyConfigError)
-      end
-
-      it "raises an exception with an invalid enforce value" do
-        expect do
-          ExpectCertificateTransparency.validate_config!(enforce: "brokenstring")
-        end.to raise_error(ExpectCertificateTransparencyConfigError)
-      end
-    end
-  end
-end