overleaf/services/web/test/acceptance/src/SecurityHeadersTests.js

/* eslint-disable
    camelcase,
    n/handle-callback-err,
    max-len,
    no-return-assign,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
 * decaffeinate suggestions:
 * DS102: Remove unnecessary code created because of implicit returns
 * DS207: Consider shorter variations of null checks
 * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
 */
const { assert } = require('chai')
const async = require('async')
const User = require('./helpers/User')
const request = require('./helpers/request')

const assert_has_common_headers = function (response) {
  const { headers } = response
  assert.equal(headers['x-download-options'], 'noopen')
  assert.equal(headers['x-xss-protection'], '1; mode=block')
  return assert.equal(headers['referrer-policy'], 'origin-when-cross-origin')
}

const assert_has_cache_headers = function (response) {
  const { headers } = response
  assert.equal(headers['surrogate-control'], 'no-store')
  assert.equal(
    headers['cache-control'],
    'no-store, no-cache, must-revalidate, proxy-revalidate'
  )
  assert.equal(headers.pragma, 'no-cache')
  return assert.equal(headers.expires, '0')
}

const assert_has_no_cache_headers = function (response) {
  const { headers } = response
  assert.isUndefined(headers['surrogate-control'])
  assert.isUndefined(headers['cache-control'])
  assert.isUndefined(headers.pragma)
  return assert.isUndefined(headers.expires)
}
const assert_has_asset_caching_headers = function (response) {
  const { headers } = response
  assert.equal(headers['cache-control'], 'public, max-age=31536000')
}

describe('SecurityHeaders', function () {
  beforeEach(function () {
    return (this.user = new User())
  })

  it('should not have x-powered-by header', function (done) {
    return request.get('/', (err, res, body) => {
      assert.isUndefined(res.headers['x-powered-by'])
      return done()
    })
  })

  it('should have all common headers', function (done) {
    return request.get('/', (err, res, body) => {
      assert_has_common_headers(res)
      return done()
    })
  })

  it('should not have cache headers on public pages', function (done) {
    return request.get('/', (err, res, body) => {
      assert_has_no_cache_headers(res)
      return done()
    })
  })

  it('should have caching headers on static assets', function (done) {
    request.get('/favicon.ico', (err, res) => {
      assert_has_asset_caching_headers(res)
      done(err)
    })
  })

  it('should have cache headers when user is logged in', function (done) {
    return async.series(
      [
        cb => this.user.login(cb),
        cb => this.user.request.get('/', cb),
        cb => this.user.logout(cb),
      ],
      (err, results) => {
        const main_response = results[1][0]
        assert_has_cache_headers(main_response)
        return done()
      }
    )
  })

  it('should have cache headers on project page', function (done) {
    return async.series(
      [
        cb => this.user.login(cb),
        cb => {
          return this.user.createProject(
            'public-project',
            (error, project_id) => {
              if (error != null) {
                return done(error)
              }
              this.project_id = project_id
              return this.user.makePublic(this.project_id, 'readAndWrite', cb)
            }
          )
        },
        cb => this.user.logout(cb),
      ],
      (err, results) => {
        return request.get(`/project/${this.project_id}`, (err, res, body) => {
          assert_has_cache_headers(res)
          return done()
        })
      }
    )
  })

  it('should have caching headers on static assets when user is logged in', function (done) {
    async.series(
      [
        cb => this.user.login(cb),
        cb => this.user.request.get('/favicon.ico', cb),
        cb => this.user.logout(cb),
      ],
      (err, results) => {
        const res = results[1][0]
        assert_has_asset_caching_headers(res)
        done()
      }
    )
  })
})
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`/* eslint-disable`
			`camelcase,`
Merge pull request #7986 from overleaf/jpa-eslint-8 [misc] upgrade eslint packages to the latest version everywhere GitOrigin-RevId: f1480d4a171acef82fb26c4aa54be3a6088b0ab3 2022-05-16 10:25:49 -04:00			`n/handle-callback-err,`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`max-len,`
			`no-return-assign,`
			`*/`
			`// TODO: This file was created by bulk-decaffeinate.`
			`// Fix any style issues and re-enable lint.`
			`/*`
			`* decaffeinate suggestions:`
			`* DS102: Remove unnecessary code created because of implicit returns`
			`* DS207: Consider shorter variations of null checks`
			`* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md`
			`*/`
			`const { assert } = require('chai')`
			`const async = require('async')`
			`const User = require('./helpers/User')`
			`const request = require('./helpers/request')`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`const assert_has_common_headers = function (response) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const { headers } = response`
			`assert.equal(headers['x-download-options'], 'noopen')`
			`assert.equal(headers['x-xss-protection'], '1; mode=block')`
			`return assert.equal(headers['referrer-policy'], 'origin-when-cross-origin')`
			`}`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`const assert_has_cache_headers = function (response) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const { headers } = response`
			`assert.equal(headers['surrogate-control'], 'no-store')`
			`assert.equal(`
			`headers['cache-control'],`
			`'no-store, no-cache, must-revalidate, proxy-revalidate'`
			`)`
Merge pull request #3496 from overleaf/ae-eslint-dot-notation Enable the eslint dot-notation rule GitOrigin-RevId: e11cbad3e8a77a4a60590d3674fbf34feccc5bc9 2020-12-16 05:37:00 -05:00			`assert.equal(headers.pragma, 'no-cache')`
			`return assert.equal(headers.expires, '0')`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`const assert_has_no_cache_headers = function (response) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const { headers } = response`
			`assert.isUndefined(headers['surrogate-control'])`
			`assert.isUndefined(headers['cache-control'])`
Merge pull request #3496 from overleaf/ae-eslint-dot-notation Enable the eslint dot-notation rule GitOrigin-RevId: e11cbad3e8a77a4a60590d3674fbf34feccc5bc9 2020-12-16 05:37:00 -05:00			`assert.isUndefined(headers.pragma)`
			`return assert.isUndefined(headers.expires)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`const assert_has_asset_caching_headers = function (response) {`
Merge pull request #2953 from overleaf/jpa-nocache [misc] Server: invoke the nocache middleware explicitly and add test GitOrigin-RevId: 3238b07ebf5963ae95ef3f353e4745d283795fba 2020-06-26 05:49:52 -04:00			`const { headers } = response`
			`assert.equal(headers['cache-control'], 'public, max-age=31536000')`
			`}`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`describe('SecurityHeaders', function () {`
			`beforeEach(function () {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`return (this.user = new User())`
			`})`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('should not have x-powered-by header', function (done) {`
Merge pull request #2047 from overleaf/spd-eslint-mocha-arrows Enforce consistent callback style in mocha tests GitOrigin-RevId: a64c293dae6926ef5831abe97eaf2044942a5c85 2019-08-07 10:04:04 -04:00			`return request.get('/', (err, res, body) => {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`assert.isUndefined(res.headers['x-powered-by'])`
			`return done()`
Merge pull request #2047 from overleaf/spd-eslint-mocha-arrows Enforce consistent callback style in mocha tests GitOrigin-RevId: a64c293dae6926ef5831abe97eaf2044942a5c85 2019-08-07 10:04:04 -04:00			`})`
			`})`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('should have all common headers', function (done) {`
Merge pull request #2047 from overleaf/spd-eslint-mocha-arrows Enforce consistent callback style in mocha tests GitOrigin-RevId: a64c293dae6926ef5831abe97eaf2044942a5c85 2019-08-07 10:04:04 -04:00			`return request.get('/', (err, res, body) => {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`assert_has_common_headers(res)`
			`return done()`
Merge pull request #2047 from overleaf/spd-eslint-mocha-arrows Enforce consistent callback style in mocha tests GitOrigin-RevId: a64c293dae6926ef5831abe97eaf2044942a5c85 2019-08-07 10:04:04 -04:00			`})`
			`})`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('should not have cache headers on public pages', function (done) {`
Merge pull request #2047 from overleaf/spd-eslint-mocha-arrows Enforce consistent callback style in mocha tests GitOrigin-RevId: a64c293dae6926ef5831abe97eaf2044942a5c85 2019-08-07 10:04:04 -04:00			`return request.get('/', (err, res, body) => {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`assert_has_no_cache_headers(res)`
			`return done()`
Merge pull request #2047 from overleaf/spd-eslint-mocha-arrows Enforce consistent callback style in mocha tests GitOrigin-RevId: a64c293dae6926ef5831abe97eaf2044942a5c85 2019-08-07 10:04:04 -04:00			`})`
			`})`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('should have caching headers on static assets', function (done) {`
Merge pull request #2953 from overleaf/jpa-nocache [misc] Server: invoke the nocache middleware explicitly and add test GitOrigin-RevId: 3238b07ebf5963ae95ef3f353e4745d283795fba 2020-06-26 05:49:52 -04:00			`request.get('/favicon.ico', (err, res) => {`
			`assert_has_asset_caching_headers(res)`
			`done(err)`
			`})`
			`})`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('should have cache headers when user is logged in', function (done) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`return async.series(`
			`[`
			`cb => this.user.login(cb),`
			`cb => this.user.request.get('/', cb),`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`cb => this.user.logout(cb),`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`],`
			`(err, results) => {`
			`const main_response = results[1][0]`
			`assert_has_cache_headers(main_response)`
			`return done()`
			`}`
			`)`
			`})`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('should have cache headers on project page', function (done) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`return async.series(`
			`[`
			`cb => this.user.login(cb),`
			`cb => {`
			`return this.user.createProject(`
			`'public-project',`
			`(error, project_id) => {`
			`if (error != null) {`
			`return done(error)`
			`}`
			`this.project_id = project_id`
			`return this.user.makePublic(this.project_id, 'readAndWrite', cb)`
			`}`
			`)`
			`},`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`cb => this.user.logout(cb),`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`],`
			`(err, results) => {`
			return request.get(`/project/${this.project_id}`, (err, res, body) => {
			`assert_has_cache_headers(res)`
			`return done()`
			`})`
			`}`
			`)`
			`})`
Merge pull request #2953 from overleaf/jpa-nocache [misc] Server: invoke the nocache middleware explicitly and add test GitOrigin-RevId: 3238b07ebf5963ae95ef3f353e4745d283795fba 2020-06-26 05:49:52 -04:00
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('should have caching headers on static assets when user is logged in', function (done) {`
Merge pull request #2953 from overleaf/jpa-nocache [misc] Server: invoke the nocache middleware explicitly and add test GitOrigin-RevId: 3238b07ebf5963ae95ef3f353e4745d283795fba 2020-06-26 05:49:52 -04:00			`async.series(`
			`[`
			`cb => this.user.login(cb),`
			`cb => this.user.request.get('/favicon.ico', cb),`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`cb => this.user.logout(cb),`
Merge pull request #2953 from overleaf/jpa-nocache [misc] Server: invoke the nocache middleware explicitly and add test GitOrigin-RevId: 3238b07ebf5963ae95ef3f353e4745d283795fba 2020-06-26 05:49:52 -04:00			`],`
			`(err, results) => {`
			`const res = results[1][0]`
			`assert_has_asset_caching_headers(res)`
			`done()`
			`}`
			`)`
			`})`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`})`