From d6aa4dd32a3135e877224b0f75a3838852a714ad Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Fri, 4 Jul 2014 00:10:50 +0200
Subject: [PATCH] Adding very basic tests for Security headers

---
 .../org/cacert/gigi/TestSecurityHeaders.java  | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 tests/org/cacert/gigi/TestSecurityHeaders.java

diff --git a/tests/org/cacert/gigi/TestSecurityHeaders.java b/tests/org/cacert/gigi/TestSecurityHeaders.java
new file mode 100644
index 00000000..9df4e22c
--- /dev/null
+++ b/tests/org/cacert/gigi/TestSecurityHeaders.java
@@ -0,0 +1,31 @@
+package org.cacert.gigi;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+import org.cacert.gigi.testUtils.ManagedTest;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+public class TestSecurityHeaders extends ManagedTest {
+	@Test
+	public void testSTS() throws IOException {
+		HttpURLConnection uc = (HttpURLConnection) new URL("https://"
+				+ getServerName()).openConnection();
+		assertNotNull(uc.getHeaderField("Strict-Transport-Security"));
+	}
+
+	public void testCSP() throws IOException {
+		HttpURLConnection uc = (HttpURLConnection) new URL("https://"
+				+ getServerName()).openConnection();
+		assertNotNull(uc.getHeaderField("Content-Security-Policy"));
+	}
+	public void testAllowOrigin() throws IOException {
+		HttpURLConnection uc = (HttpURLConnection) new URL("https://"
+				+ getServerName()).openConnection();
+		assertNotNull(uc.getHeaderField("Access-Control-Allow-Origin"));
+
+	}
+}
-- 
2.39.2