-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnext.config.test.ts
More file actions
102 lines (87 loc) · 2.99 KB
/
next.config.test.ts
File metadata and controls
102 lines (87 loc) · 2.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
import { vi } from "vitest";
import nextConfig from "./next.config";
describe("next.config", () => {
it("redirects apex-domain traffic to the canonical subdomain", async () => {
const redirects = await nextConfig.redirects?.();
expect(redirects).toBeDefined();
expect(redirects).toEqual(
expect.arrayContaining([
expect.objectContaining({
source: "/:path*",
has: expect.arrayContaining([
expect.objectContaining({
type: "host",
value: "cadena.sh",
}),
]),
destination: "https://james.cadena.sh/:path*",
permanent: true,
}),
]),
);
});
it("proxies the BotID challenge through the origin", async () => {
const rewrites = await nextConfig.rewrites?.();
const rules = Array.isArray(rewrites)
? rewrites
: (rewrites?.beforeFiles ?? []);
const proxiesToVercelBotProtection = rules.some((rule) =>
typeof rule.destination === "string"
? rule.destination.startsWith("https://api.vercel.com/bot-protection/")
: false,
);
expect(proxiesToVercelBotProtection).toBe(true);
});
it("applies baseline security headers in production", async () => {
vi.stubEnv("NODE_ENV", "production");
const headers = await nextConfig.headers?.();
expect(headers).toBeDefined();
expect(headers).toEqual(
expect.arrayContaining([
expect.objectContaining({
source: "/(.*)",
headers: expect.arrayContaining([
expect.objectContaining({
key: "X-Content-Type-Options",
value: "nosniff",
}),
expect.objectContaining({
key: "Referrer-Policy",
value: "strict-origin-when-cross-origin",
}),
expect.objectContaining({
key: "X-Frame-Options",
value: "DENY",
}),
expect.objectContaining({
key: "Cross-Origin-Opener-Policy",
value: "same-origin",
}),
expect.objectContaining({
key: "Cross-Origin-Resource-Policy",
value: "same-origin",
}),
expect.objectContaining({
key: "Permissions-Policy",
value: expect.stringContaining("camera=()"),
}),
]),
}),
]),
);
});
it("keeps the 1Password SDK external so its WASM runtime is traced", () => {
expect(nextConfig.serverExternalPackages).toEqual(
expect.arrayContaining(["@1password/sdk", "@1password/sdk-core"]),
);
});
it("disables the x-powered-by header", () => {
expect(nextConfig.poweredByHeader).toBe(false);
});
it("does not emit site-wide security headers outside production", async () => {
vi.stubEnv("NODE_ENV", "development");
const headers = (await nextConfig.headers?.()) ?? [];
const siteWide = headers.filter((entry) => entry.source === "/(.*)");
expect(siteWide).toEqual([]);
});
});