authorIvan Kohler <ivan@freeside.biz>2012-04-24 11:35:56 -0700
committerIvan Kohler <ivan@freeside.biz>2012-04-24 11:35:56 -0700
commit6587f6ba7d047ddc1686c080090afe7d53365bd4 (patch)
treeec77342668e8865aca669c9b4736e84e3077b523 /rt/t/web/clickjacking-preventions.t
parent47153aae5c2fc00316654e7277fccd45f72ff611 (diff)
first pass RT4 merge, RT#13852
Diffstat (limited to 'rt/t/web/clickjacking-preventions.t')
-rw-r--r--rt/t/web/clickjacking-preventions.t30
1 files changed, 30 insertions, 0 deletions
diff --git a/rt/t/web/clickjacking-preventions.t b/rt/t/web/clickjacking-preventions.t
new file mode 100644
index 000000000..dde82952b
--- /dev/null
+++ b/rt/t/web/clickjacking-preventions.t
@@ -0,0 +1,30 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+
+use RT::Test tests => 11;
+
+my ($url, $m);
+
+# Enabled by default
+{
+ ok(RT->Config->Get('Framebusting'), "Framebusting enabled by default");
+
+ ($url, $m) = RT::Test->started_ok;
+ $m->get_ok($url);
+ $m->content_contains('if (window.top !== window.self) {', "Found the framekiller javascript");
+ is $m->response->header('X-Frame-Options'), 'DENY', "X-Frame-Options is set to DENY";
+
+ RT::Test->stop_server;
+}
+
+# Disabled
+{
+ RT->Config->Set('Framebusting', 0);
+
+ ($url, $m) = RT::Test->started_ok;
+ $m->get_ok($url);
+ $m->content_lacks('if (window.top !== window.self) {', "Didn't find the framekiller javascript");
+ is $m->response->header('X-Frame-Options'), undef, "X-Frame-Options is not present";
+}
+
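Review bot: Both blocks assert `X-Frame-Options` only on the response to the first `$m->get_ok($url)`, which is presumably the unauthenticated login page. The pages that matter most for clickjacking are the authenticated ones that carry state-changing forms, and nothing here shows the header is emitted there. In the "Enabled by default" block I would add `ok $m->login, "logged in";` followed by a second `is $m->response->header('X-Frame-Options'), 'DENY', "X-Frame-Options is set to DENY after login";`, and raise the `tests => 11` plan to match. The `content_contains('if (window.top !== window.self) {', ...)` check pins an exact source string of the script fallback, so a comment such as `# header is the primary control; the JS framekiller is a fallback for browsers that ignore it` would tell a maintainer which assertion is load-bearing when that string changes. The second block also omits the `RT::Test->stop_server` call that the first one makes, which may be intentional if teardown happens at exit but is worth confirming.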