Fix test #4183

Fix test
authgear · Apr 29, 2024 · e7fd672 · e7fd672
2 parents 0f68a42 + ce1a7b5
commit e7fd672
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 11 deletions.
diff --git a/pkg/auth/webapp/dynamic_csp_middleware_test.go b/pkg/auth/webapp/dynamic_csp_middleware_test.go
@@ -39,7 +39,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 					AllowFrameAncestors: true,
 					ExpectedHeaders: map[string][]string{
 						"Content-Security-Policy": {
-							"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors http://customui.com",
+							"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors http://customui.com",
 						},
 					},
 				},
@@ -55,7 +55,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 					AllowFrameAncestors: false,
 					ExpectedHeaders: map[string][]string{
 						"Content-Security-Policy": {
-							"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+							"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 						},
 						"X-Frame-Options": {"DENY"},
 					},
@@ -66,7 +66,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 					AllowFrameAncestors: true,
 					ExpectedHeaders: map[string][]string{
 						"Content-Security-Policy": {
-							"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+							"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 						},
 						"X-Frame-Options": {"DENY"},
 					},
@@ -77,7 +77,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 					AllowFrameAncestors: false,
 					ExpectedHeaders: map[string][]string{
 						"Content-Security-Policy": {
-							"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+							"default-src 'self'; script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 						},
 						"X-Frame-Options": {"DENY"},
 					},
@@ -88,7 +88,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 					AllowFrameAncestors: true,
 					ExpectedHeaders: map[string][]string{
 						"Content-Security-Policy": {
-							"default-src 'self'; script-src 'strict-dynamic' 'nonce-' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+							"default-src 'self'; script-src 'strict-dynamic' 'nonce-' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 						},
 						"X-Frame-Options": {"DENY"},
 					},
@@ -99,7 +99,7 @@ func TestDynamicCSPMiddleware(t *testing.T) {
 					AllowFrameAncestors: false,
 					ExpectedHeaders: map[string][]string{
 						"Content-Security-Policy": {
-							"default-src 'self'; script-src 'strict-dynamic' 'nonce-' www.googletagmanager.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
+							"default-src 'self'; script-src 'strict-dynamic' 'nonce-' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' http://cdn.authgear.com; frame-src www.googletagmanager.com 'self'; font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' http://cdn.authgear.com; style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' http://cdn.authgear.com; img-src http: https: data: 'self' http://cdn.authgear.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com ws://authgear.com wss://authgear.com; block-all-mixed-content; frame-ancestors 'none'",
 						},
 						"X-Frame-Options": {"DENY"},
 					},

diff --git a/pkg/lib/web/csp_test.go b/pkg/lib/web/csp_test.go
@@ -21,7 +21,7 @@ func TestCSPDirectives(t *testing.T) {
 			AllowInlineScript: false,
 		}, []string{
 			"default-src 'self'",
-			"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com https://browser.sentry-cdn.com 'self'",
+			"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self'",
 			"frame-src www.googletagmanager.com 'self'",
 			"font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self'",
 			"style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self'",
@@ -40,7 +40,7 @@ func TestCSPDirectives(t *testing.T) {
 			AllowInlineScript: false,
 		}, []string{
 			"default-src 'self'",
-			"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
+			"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
 			"frame-src www.googletagmanager.com 'self'",
 			"font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' cdn.localhost:3000",
 			"style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' cdn.localhost:3000",
@@ -59,7 +59,7 @@ func TestCSPDirectives(t *testing.T) {
 			AllowInlineScript: true,
 		}, []string{
 			"default-src 'self'",
-			"script-src 'unsafe-inline' www.googletagmanager.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
+			"script-src 'unsafe-inline' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
 			"frame-src www.googletagmanager.com 'self'",
 			"font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' cdn.localhost:3000",
 			"style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' cdn.localhost:3000",
@@ -79,7 +79,7 @@ func TestCSPDirectives(t *testing.T) {
 			FrameAncestors:    []string{"http://remote.localhost"},
 		}, []string{
 			"default-src 'self'",
-			"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
+			"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self' cdn.localhost:3000",
 			"frame-src www.googletagmanager.com 'self'",
 			"font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self' cdn.localhost:3000",
 			"style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self' cdn.localhost:3000",
@@ -99,7 +99,7 @@ func TestCSPDirectives(t *testing.T) {
 			AuthUISentryDSN:   "https://[email protected]/0",
 		}, []string{
 			"default-src 'self'",
-			"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com https://browser.sentry-cdn.com 'self'",
+			"script-src 'strict-dynamic' 'nonce-N0NC5' www.googletagmanager.com eu-assets.i.posthog.com https://browser.sentry-cdn.com 'self'",
 			"frame-src www.googletagmanager.com 'self'",
 			"font-src cdnjs.cloudflare.com static2.sharepointonline.com fonts.googleapis.com fonts.gstatic.com 'self'",
 			"style-src 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com 'self'",