m/sfera
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden HTML5 response headers
CI / python (push) Has been cancelled
Details
CI / rust (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Mikhail
2026-05-17 12:19:40 +03:00
parent c90d708f21
commit dd80ea2f9d
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/api-server/tests/test_api.py
+7
View File
@@ -47,6 +47,7 @@ def assert_html5_contract(text: str, *markers: str, full_page: bool = False) ->
def assert_html5_response_contract(response, *markers: str, full_page: bool = False) -> None:
assert "text/html" in response.headers["content-type"]
assert response.headers["cache-control"] == "no-cache, no-transform"
assert response.headers["x-content-type-options"] == "nosniff"
assert_html5_contract(response.text, *markers, full_page=full_page)
@@ -176,6 +177,7 @@ def test_html5_server_rendered_project_editor(tmp_path: Path):
assert events.headers["cache-control"] == "no-cache, no-transform"
assert events.headers["x-accel-buffering"] == "no"
assert events.headers["connection"] == "keep-alive"
assert events.headers["x-content-type-options"] == "nosniff"
first_chunk = "".join(events.iter_text())
assert ": project " in first_chunk
assert "retry: 5000" in first_chunk
@@ -267,16 +269,19 @@ def test_html5_server_rendered_project_editor(tmp_path: Path):
assert htmx_asset.status_code == 200
assert "javascript" in htmx_asset.headers["content-type"]
assert htmx_asset.headers["cache-control"] == "public, max-age=86400"
assert htmx_asset.headers["x-content-type-options"] == "nosniff"
assert "htmx" in htmx_asset.text
sse_asset = client.get("/html5/assets/htmx-ext-sse.js")
assert sse_asset.status_code == 200
assert "javascript" in sse_asset.headers["content-type"]
assert sse_asset.headers["cache-control"] == "public, max-age=86400"
assert sse_asset.headers["x-content-type-options"] == "nosniff"
assert "sse" in sse_asset.text
css_asset = client.get("/html5/assets/html5.css")
assert css_asset.status_code == 200
assert "text/css" in css_asset.headers["content-type"]
assert css_asset.headers["cache-control"] == "public, max-age=86400"
assert css_asset.headers["x-content-type-options"] == "nosniff"
assert ".workspace" in css_asset.text
@@ -720,6 +725,7 @@ def test_html5_project_setup_renders_server_fragments():
assert events.headers["cache-control"] == "no-cache, no-transform"
assert events.headers["x-accel-buffering"] == "no"
assert events.headers["connection"] == "keep-alive"
assert events.headers["x-content-type-options"] == "nosniff"
first_chunk = "".join(events.iter_text())
assert ": setup " in first_chunk
assert "retry: 5000" in first_chunk
@@ -762,6 +768,7 @@ def test_html5_operations_renders_job_monitor_fragments():
assert events.headers["cache-control"] == "no-cache, no-transform"
assert events.headers["x-accel-buffering"] == "no"
assert events.headers["connection"] == "keep-alive"
assert events.headers["x-content-type-options"] == "nosniff"
first_chunk = "".join(events.iter_text())
assert ": operations heartbeat" in first_chunk
assert "retry: 5000" in first_chunk