test(webserver): fix tests for configurable csp

internal/config/config_test.go

@@ -31,15 +31,16 @@ func TestLoad(t *testing.T) {
 	}
 
 	require.EqualValues(t, Config, Cfg{
-		Host:             "0.0.0.0",
-		Port:             9000,
-		CompressionLevel: 1,
-		Ratelimiter:      "200x5",
-		IDLength:         8,
-		IDType:           "key",
-		MaxSize:          400_000,
-		Headless:         false,
-		ConnectionURI:    "host=localhost port=5432 user=spacebin database=spacebin sslmode=disable",
-		ExpirationAge:    720,
+		Host:                  "0.0.0.0",
+		Port:                  9000,
+		CompressionLevel:      1,
+		Ratelimiter:           "200x5",
+		IDLength:              8,
+		IDType:                "key",
+		MaxSize:               400_000,
+		Headless:              false,
+		ConnectionURI:         "host=localhost port=5432 user=spacebin database=spacebin sslmode=disable",
+		ContentSecurityPolicy: "default-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';",
+		ExpirationAge:         720,
 	})
 }

internal/server/config_test.go

@@ -35,15 +35,16 @@ type ConfigResponse struct {
 }
 
 var mockConfig = config.Cfg{
-	Host:             "0.0.0.0",
-	Port:             9000,
-	CompressionLevel: 1,
-	Ratelimiter:      "200x5",
-	IDLength:         8,
-	IDType:           "key",
-	MaxSize:          400_000,
-	ExpirationAge:    720,
-	Headless:         false,
+	Host:                  "0.0.0.0",
+	Port:                  9000,
+	CompressionLevel:      1,
+	Ratelimiter:           "200x5",
+	IDLength:              8,
+	IDType:                "key",
+	MaxSize:               400_000,
+	ExpirationAge:         720,
+	ContentSecurityPolicy: "default-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';",
+	Headless:              false,
 }
 
 // executeRequest, creates a new ResponseRecorder

internal/server/server.go

@@ -124,7 +124,7 @@ func (s *Server) RegisterHeaders() {
 	s.Router.Use(middleware.SetHeader("X-Content-Type-Options", "nosniff"))
 	s.Router.Use(middleware.SetHeader("Referrer-Policy", "no-referrer-when-downgrade"))
 	s.Router.Use(middleware.SetHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"))
-	s.Router.Use(middleware.SetHeader("Content-Security-Policy", config.Config.ContentSecurityPolicy))
+	s.Router.Use(middleware.SetHeader("Content-Security-Policy", s.Config.ContentSecurityPolicy))
 }
 
 func (s *Server) MountStatic() {

internal/server/server_test.go

@@ -101,5 +101,5 @@ func TestRegisterHeaders(t *testing.T) {
 	require.Equal(t, "nosniff", res.Result().Header.Get("X-Content-Type-Options"))
 	require.Equal(t, "no-referrer-when-downgrade", res.Result().Header.Get("Referrer-Policy"))
 	require.Equal(t, "max-age=31536000; includeSubDomains; preload", res.Result().Header.Get("Strict-Transport-Security"))
-	require.Equal(t, "default-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';", res.Result().Header.Get("Content-Security-Policy"))
+	require.Equal(t, mockConfig.ContentSecurityPolicy, res.Result().Header.Get("Content-Security-Policy"))
 }