diff --git a/README.md b/README.md index dc9c465..7ca1d24 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,10 @@ interface EmberCLIContentSecurityPolicyConfig { // Controls if addon is enabled at all. enabled?: boolean, + // Controls if addon causes tests to fail if they violate configured CSP + // policy. + failTests: true, + // A hash of options representing a Content Security Policy. The key must be // a CSP directive name as defined by spec. The value must be an array of // strings that form a CSP directive value, most likely a source list, e.g. @@ -77,6 +81,7 @@ export default function(environment) { return { delivery: ['header'], enabled: true, + failTests: true, policy: { 'default-src': ["'none'"], 'script-src': ["'self'"], diff --git a/index.js b/index.js index 37ea30c..128b9fc 100644 --- a/index.js +++ b/index.js @@ -1,6 +1,7 @@ 'use strict'; -let chalk = require('chalk'); +const chalk = require('chalk'); +const VersionChecker = require('ember-cli-version-checker'); const { buildPolicyString, calculateConfig, @@ -197,6 +198,31 @@ module.exports = { } } + if (type === 'test-body' && this._config.failTests) { + let qunitDependency = (new VersionChecker(this)).for('qunit'); + if (qunitDependency.exists() && qunitDependency.lt('2.9.2')) { + this.ui.writeWarnLine( + 'QUnit < 2.9.2 violates a strict Content Security Policy (CSP) by itself. ' + + `You are using QUnit ${qunitDependency.version}. You should upgrade the ` + + 'dependency to avoid issues.\n' + + 'Your project might not depend directly on QUnit but on ember-qunit. ' + + 'In that case you might want to upgrade ember-qunit to > 4.4.1.' + ); + } + + return ` + + `; + } + if (type === 'test-body-footer') { // Add nonce to