test_hsts.py 1.6 KB

123456789101112131415161718192021222324252627282930313233
  1. import pytest
  2. def test_web1_HSTS_default(docker_compose, nginxproxy):
  3. r = nginxproxy.get("https://web1.nginx-proxy.tld/port", allow_redirects=False)
  4. assert "answer from port 81\n" in r.text
  5. assert "Strict-Transport-Security" in r.headers
  6. assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
  7. # Regression test to ensure HSTS is enabled even when the upstream sends an error in response
  8. # Issue #1073 https://github.com/nginx-proxy/nginx-proxy/pull/1073
  9. def test_web1_HSTS_error(docker_compose, nginxproxy):
  10. r = nginxproxy.get("https://web1.nginx-proxy.tld/status/500", allow_redirects=False)
  11. assert "Strict-Transport-Security" in r.headers
  12. assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
  13. def test_web2_HSTS_off(docker_compose, nginxproxy):
  14. r = nginxproxy.get("https://web2.nginx-proxy.tld/port", allow_redirects=False)
  15. assert "answer from port 81\n" in r.text
  16. assert "Strict-Transport-Security" not in r.headers
  17. def test_web3_HSTS_custom(docker_compose, nginxproxy):
  18. r = nginxproxy.get("https://web3.nginx-proxy.tld/port", allow_redirects=False)
  19. assert "answer from port 81\n" in r.text
  20. assert "Strict-Transport-Security" in r.headers
  21. assert "max-age=86400; includeSubDomains; preload" == r.headers["Strict-Transport-Security"]
  22. # Regression test for issue 1080
  23. # https://github.com/nginx-proxy/nginx-proxy/issues/1080
  24. def test_web4_HSTS_off_noredirect(docker_compose, nginxproxy):
  25. r = nginxproxy.get("https://web4.nginx-proxy.tld/port", allow_redirects=False)
  26. assert "answer from port 81\n" in r.text
  27. assert "Strict-Transport-Security" not in r.headers