Add spec for Content-Security-Policy: connect-src

Author: snuggs

middleware/policy.es

@@ -11,9 +11,14 @@ const
   // `style-src 'self' 'unsafe-inline' https://cdn.example.com
     = [`'none'`]
 
+, connects
+  // `connect-src 'self' https://${domain};`
+    = [`'none'`]
+
 , policies = [
   , `default-src ${ defaults.join ` ` };`
   , `frame-src ${ frames.join ` ` };`
+  , `connect-src ${ connects.join ` ` };`
   , `style-src ${ styles.join ` ` };`
   ]
 

middleware/policy.test

@@ -27,7 +27,7 @@ test ("Content-Security-Policy: default-src 'none'", async t => {
 })
 
 
-test.only ("Content-Security-Policy: frame-src 'self'", async t => {
+test ("Content-Security-Policy: frame-src 'self'", async t => {
 
   const
     server   = (new Server).serve ``
@@ -42,7 +42,21 @@ test.only ("Content-Security-Policy: frame-src 'self'", async t => {
 })
 
 
-test ("Content-Security-Policy: connect-src 'self'")
+test.only ("Content-Security-Policy: connect-src 'self'", async t => {
+
+  const
+    server   = (new Server).serve ``
+  , response = await fetch ('http://localhost:8181/')
+  , policy   = response.headers.get ('content-security-policy')
+
+
+  t.ok ( policy.includes `connect-src 'none'` )
+
+  server.close ``
+  t.end ()
+})
+
+
 test ("Content-Security-Policy: img-src 'self' https://cdn.example.com")