Add simple integration tests

Author: detilium

Build.ps1

@@ -53,16 +53,16 @@ try {
         Pop-Location
     }
 
-    # foreach ($test in Get-ChildItem tests/) {
-    #     Push-Location $test
+    foreach ($test in Get-ChildItem tests/) {
+        Push-Location $test
 
-    #     Write-Output "build: Testing project in $test"
+        Write-Output "build: Testing project in $test"
 
-    #     & dotnet test -c Release --no-build --no-restore
-    #     if($LASTEXITCODE -ne 0) { throw "Testing failed" }
+        & dotnet test -c Release --no-build --no-restore
+        if($LASTEXITCODE -ne 0) { throw "Testing failed" }
 
-    #     Pop-Location
-    # }
+        Pop-Location
+    }
 
     if ($skipPackaging -eq $false) {
         Write-Output "build: Publishing NuGet package"

ByteGuard.SecurityHeaders.slnx

@@ -7,5 +7,8 @@
     <File Path="README.md" />
     <File Path=".github/workflows/ci.yml" />
   </Folder>
+  <Folder Name="/tests/">
+    <Project Path="tests/ByteGuard.SecurityHeaders.Tests/ByteGuard.SecurityHeaders.Tests.csproj" />
+  </Folder>
   <Project Path="src/ByteGuard.SecurityHeaders/ByteGuard.SecurityHeaders.csproj" />
 </Solution>

tests/ByteGuard.SecurityHeaders.Tests/ByteGuard.SecurityHeaders.Tests.csproj

@@ -0,0 +1,29 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <GenerateDocumentationFile>false</GenerateDocumentationFile>
+
+    <IsPackable>false</IsPackable>
+    <IsTestProject>true</IsTestProject>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="coverlet.collector" Version="6.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="10.0.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.1.4" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="../../src/ByteGuard.SecurityHeaders/ByteGuard.SecurityHeaders.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Using Include="Xunit" />
+  </ItemGroup>
+
+</Project>

tests/ByteGuard.SecurityHeaders.Tests/SecurityHeadersMiddlewareTests.cs

@@ -0,0 +1,93 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.Hosting;
+
+namespace ByteGuard.SecurityHeaders.Tests;
+
+public class SecurityHeadersMiddlewareTests
+{
+    [Fact(DisplayName = "UseDefaultApiSecurityHeaders add the expected headers")]
+    public async Task UseDefaultApiSecurityHeaders_AddsExpectedHeaders()
+    {
+        using var host = await new HostBuilder()
+            .ConfigureWebHost(builder =>
+            {
+                builder.UseTestServer();
+                builder.Configure(app =>
+                {
+                    app.UseDefaultApiSecurityHeaders();
+                    app.Run(async context => await context.Response.WriteAsync("response"));
+                });
+            }).StartAsync();
+
+        using var client = host.GetTestClient();
+        using var response = await client.GetAsync("/");
+
+        AssertHeader(response, "Cache-Control", "no-store");
+        AssertHeader(response, "Content-Security-Policy", "frame-ancestors 'none'");
+        AssertHeader(response, "X-Content-Type-Options", "nosniff");
+        AssertHeader(response, "X-Frame-Options", "DENY");
+    }
+
+    [Fact]
+    public async Task EnforceFalse_DoesNotOverrideExistingHeaderValues()
+    {
+        using var host = await new HostBuilder()
+            .ConfigureWebHost(builder =>
+            {
+                builder.UseTestServer();
+                builder.Configure(app =>
+                {
+                    app.UseDefaultApiSecurityHeaders(options => options.Enforce = false);
+
+                    app.Use(async (ctx, next) =>
+                    {
+                        ctx.Response.Headers["Cache-Control"] = "public, max-age=60";
+                        await next();
+                    });
+
+                    app.Run(async context => await context.Response.WriteAsync("response"));
+                });
+            }).StartAsync();
+
+        using var client = host.GetTestClient();
+        using var response = await client.GetAsync("/");
+
+        AssertHeader(response, "Cache-Control", "public, max-age=60");
+    }
+
+    [Fact]
+    public async Task EnforceTrue_OverridesExistingHeaderValues()
+    {
+        using var host = await new HostBuilder()
+            .ConfigureWebHost(builder =>
+            {
+                builder.UseTestServer();
+                builder.Configure(app =>
+                {
+                    app.UseDefaultApiSecurityHeaders(options => options.Enforce = true);
+
+                    app.Use(async (ctx, next) =>
+                    {
+                        ctx.Response.Headers["Cache-Control"] = "public, max-age=60";
+                        await next();
+                    });
+
+                    app.Run(async context => await context.Response.WriteAsync("response"));
+                });
+            }).StartAsync();
+
+        using HttpClient client = host.GetTestClient();
+        using var response = await client.GetAsync("/");
+
+        AssertHeader(response, "Cache-Control", "no-store");
+    }
+
+    private static void AssertHeader(HttpResponseMessage response, string name, string expectedValue)
+    {
+        Assert.True(response.Headers.TryGetValues(name, out var values), $"Missing header: {name}");
+        Assert.Equal(expectedValue, values.Single());
+    }
+}