changeset 591:3cb7c6162c77

new test for XSS
author Alain Mazy <am@osimis.io>
date Tue, 12 Dec 2023 10:14:37 +0100
parents c28bd957cb93
children 6753d96dd71f
files Tests/Tests.py
diffstat 1 files changed, 20 insertions(+), 0 deletions(-) [+]
--- a/Tests/Tests.py	Sat Nov 25 12:23:45 2023 +0100
+++ b/Tests/Tests.py	Tue Dec 12 10:14:37 2023 +0100
@@ -10023,3 +10023,23 @@
             self.assertEqual('M3D', tags['Modality'])
             self.assertEqual('model/obj', tags['MIMETypeOfEncapsulatedDocument'])
             self.assertEqual('1.2.840.10008.5.1.4.1.1.104.4', tags['SOPClassUID'])
+
+
+    def test_error_codes_content_type(self):
+
+        # from 1.12.2, check that a ContentType header is included in errors with an error description (ex: 404)
+        (headers, body) = DoGetRaw(_REMOTE, '/rnm94%3Cscript%3Ealert(1)%3C/script%3Ejdtkc/explorer.html')
+        self.assertEqual('404', headers['status'])
+
+        if IsOrthancVersionAbove(_REMOTE, 1, 12, 2):
+            self.assertEqual('application/json', headers['content-type'])
+
+        (headers, body) = DoPutRaw(_REMOTE, '/system', 'hello')
+        self.assertEqual('405', headers['status'])
+        # when there is no body, there is no content-type
+        self.assertNotIn('content-type', headers)
+
+        # responses with bodies contain x-content-type-options
+        if IsOrthancVersionAbove(_REMOTE, 1, 12, 2):
+            (headers, body) = DoGetRaw(_REMOTE, '/system')
+            self.assertIn('nosniff', headers['x-content-type-options'])
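Review bot: The `nosniff` check at the end of the hunk is made against a 200 response from `/system`, but the response that actually reflects attacker-controlled input is the 404 for the `<script>` path earlier in the method, and that one only gets a Content-Type assertion; browser MIME sniffing of that body is the XSS vector this test is named for, so the header should be asserted there too, `self.assertIn('nosniff', headers['x-content-type-options'])` inside the existing `IsOrthancVersionAbove(_REMOTE, 1, 12, 2)` branch following the 404 status check. It would also strengthen the test to pin that the reflected path is not served as HTML-parsable text by checking the 404 body parses as JSON (e.g. `json.loads(body)`, assuming `DoGetRaw` returns a text body — not visible from this hunk), since `application/json` on a malformed body is a weak guarantee. The `test_error_codes_content_type` method is complete within the hunk; its enclosing test class starts outside it.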