@@ -221,12 +221,8 @@ func TestSecure(t *testing.T) {
221221
222222 csp := rec .Header ().Get (echo .HeaderContentSecurityPolicy )
223223
224- // Verify that api-login-myorg123.cozy.example.com appears only once (in connect-src)
225- expectedDomain := "api-login-myorg123.cozy.example.com"
226- count := strings .Count (csp , expectedDomain )
227- assert .Equal (t , 1 , count ,
228- "%s should appear exactly once (in connect-src), but found %d times. CSP: %s" ,
229- expectedDomain , count , csp )
224+ apiLoginDomain := "api-login-myorg123.cozy.example.com"
225+ orgInstanceDomain := "myorg123.cozy.example.com"
230226
231227 // Verify that connect-src contains the api-login domain
232228 connectSrcIndex := strings .Index (csp , "connect-src " )
@@ -238,8 +234,10 @@ func TestSecure(t *testing.T) {
238234 "connect-src should end with semicolon" )
239235
240236 connectSrcContent := csp [connectSrcIndex : connectSrcIndex + connectSrcEnd ]
241- assert .Contains (t , connectSrcContent , expectedDomain ,
242- "connect-src should contain %s. Found: %s" , expectedDomain , connectSrcContent )
237+ assert .Contains (t , connectSrcContent , apiLoginDomain ,
238+ "connect-src should contain %s. Found: %s" , apiLoginDomain , connectSrcContent )
239+ assert .Contains (t , connectSrcContent , orgInstanceDomain ,
240+ "connect-src should contain %s. Found: %s" , orgInstanceDomain , connectSrcContent )
243241
244242 // Verify that other directives do NOT contain the api-login domain
245243 otherDirectives := []string {
@@ -264,8 +262,10 @@ func TestSecure(t *testing.T) {
264262 directiveEnd := strings .Index (csp [directiveIndex :], ";" )
265263 if directiveEnd != - 1 {
266264 directiveContent := csp [directiveIndex : directiveIndex + directiveEnd ]
267- assert .NotContains (t , directiveContent , expectedDomain ,
268- "Directive %s should NOT contain %s. Found: %s" , directivePattern , expectedDomain , directiveContent )
265+ assert .NotContains (t , directiveContent , apiLoginDomain ,
266+ "Directive %s should NOT contain %s. Found: %s" , directivePattern , apiLoginDomain , directiveContent )
267+ assert .NotContains (t , directiveContent , orgInstanceDomain ,
268+ "Directive %s should NOT contain %s. Found: %s" , directivePattern , orgInstanceDomain , directiveContent )
269269 }
270270 }
271271 }
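Review bot: The added `assert.Contains(t, connectSrcContent, orgInstanceDomain, ...)` at new lines 239-240 cannot fail once the api-login assertion just above it passes, because `myorg123.cozy.example.com` is a substring of `api-login-myorg123.cozy.example.com`. The test would therefore still pass if the organisation instance domain were missing from connect-src, which appears to be the behaviour this change is meant to pin. Compare whole source expressions rather than substrings, for example `assert.Contains(t, strings.Fields(connectSrcContent), orgInstanceDomain, ...)`, adjusting the expected token if the middleware emits a scheme or wildcard prefix (not visible here). The same substring overlap makes the two `NotContains` checks at new lines 265-268 partly redundant, and with the exact-count check removed nothing detects a duplicated entry any more. TestSecure's body starts outside the visible hunks.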