/* ==========================================================================
tests/unit/csp-report.test.js
Copyright © 2025 Network Pro Strategies (Network Pro™)
SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
This file is part of Network Pro.
========================================================================== */
/**
* Tests the edge-functions/csp-report.js CSP reporting endpoint
*
* @module tests/unit
* @author SunDevil311
* @updated 2025-05-31
*/
/** @file Unit tests for edge-functions/csp-report.js using Vitest */
/** @typedef {import('vitest').TestContext} TestContext */
import { beforeEach, describe, expect, it, vi } from 'vitest';
import handler from '../../netlify/edge-functions/csp-report.js';
// Stub the global fetch that the Edge Function's sendToNtfy helper uses, so no
// test run makes a real outbound request. Every call resolves to a fresh,
// minimal "200 OK" response object.
global.fetch = vi.fn(async () => ({
  ok: true,
  status: 200,
  text: () => 'OK',
}));
describe('csp-report.js', () => {
  const ENDPOINT = 'http://localhost/api/csp-report';
  const JSON_HEADERS = { 'Content-Type': 'application/json' };

  /**
   * Builds a Request for the report endpoint and passes it to the handler
   * with an empty context object.
   *
   * @param {RequestInit} init - Request options (method, headers, body)
   * @returns {Promise<Response>} The handler's response
   */
  const invoke = (init) => handler(new Request(ENDPOINT, init), {});

  // Reset recorded calls on the fetch stub so tests stay independent.
  beforeEach(() => {
    vi.clearAllMocks();
  });

  // NOTE(review): no test here asserts on the fetch stub, so whether a report
  // is forwarded (or deliberately not forwarded) is unverified - confirm
  // against the handler and pin it, since the request body is untrusted input.

  it('should handle a valid CSP report', async () => {
    const report = {
      'csp-report': {
        'document-uri': 'https://example.com',
        'violated-directive': 'script-src',
        'blocked-uri': 'https://malicious.site',
      },
    };

    const res = await invoke({
      method: 'POST',
      headers: JSON_HEADERS,
      body: JSON.stringify(report),
    });

    expect(res.status).toBe(204);
  });

  it('should reject non-POST requests', async () => {
    const res = await invoke({ method: 'GET' });
    const text = await res.text();

    expect(res.status).toBe(405);
    expect(text).toContain('Method Not Allowed');
  });

  it('should handle malformed JSON', async () => {
    const res = await invoke({
      method: 'POST',
      headers: JSON_HEADERS,
      body: '{ invalid json }',
    });

    // Pins current behaviour: the handler swallows the parse error and still
    // answers 204 rather than surfacing a 4xx.
    expect(res.status).toBe(204);
  });

  it('should handle missing body', async () => {
    const res = await invoke({ method: 'POST' });

    // Pins current behaviour: an absent body is also answered with 204.
    expect(res.status).toBe(204);
  });
});