merging RT 4.0.6

author: Ivan Kohler <ivan@freeside.biz> 2012-06-30 01:03:13 -0700
committer: Ivan Kohler <ivan@freeside.biz> 2012-06-30 01:03:13 -0700
commit: f3c4966ed1f6ec3db7accd6dcdd3a5a3821d72a7 (patch)
tree: e5e9a077260613e6117d4697dd2985abd9b03d34 /rt/t/web/clickjacking-preventions.t
parent: cf7cd8efc7095aadbdfb0cd8e7ea0e2e8b9e9085 (diff)
parent: cd3eb95ed1f3dc3e04cfc2b3b405f75b3ab086da (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/rt/t/web/clickjacking-preventions.t b/rt/t/web/clickjacking-preventions.t
new file mode 100644
index 000000000..dde82952b
--- /dev/null
+++ b/rt/t/web/clickjacking-preventions.t
@@ -0,0 +1,30 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+
+use RT::Test tests => 11;
+
+my ($url, $m);
+
+# Enabled by default
+{
+    ok(RT->Config->Get('Framebusting'), "Framebusting enabled by default");
+
+    ($url, $m) = RT::Test->started_ok;
+    $m->get_ok($url);
+    $m->content_contains('if (window.top !== window.self) {', "Found the framekiller javascript");
+    is $m->response->header('X-Frame-Options'), 'DENY', "X-Frame-Options is set to DENY";
+
+    RT::Test->stop_server;
+}
+
+# Disabled
+{
+    RT->Config->Set('Framebusting', 0);
+
+    ($url, $m) = RT::Test->started_ok;
+    $m->get_ok($url);
+    $m->content_lacks('if (window.top !== window.self) {', "Didn't find the framekiller javascript");
+    is $m->response->header('X-Frame-Options'), undef, "X-Frame-Options is not present";
+}
+
author	Ivan Kohler <ivan@freeside.biz>	2012-06-30 01:03:13 -0700
committer	Ivan Kohler <ivan@freeside.biz>	2012-06-30 01:03:13 -0700
commit	f3c4966ed1f6ec3db7accd6dcdd3a5a3821d72a7 (patch)
tree	e5e9a077260613e6117d4697dd2985abd9b03d34 /rt/t/web/clickjacking-preventions.t
parent	cf7cd8efc7095aadbdfb0cd8e7ea0e2e8b9e9085 (diff)
parent	cd3eb95ed1f3dc3e04cfc2b3b405f75b3ab086da (diff)