GSSO-342 Update response header verification

e-gov · May 2, 2022 · 600bf41 · 600bf41
1 parent 16acdb5
commit 600bf41
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/groovy/ee/ria/tara/Steps.groovy b/src/main/groovy/ee/ria/tara/Steps.groovy
@@ -273,7 +273,7 @@ class Steps {
     @Step("verify response headers")
     static void verifyResponseHeaders(Response response) {
         assertThat(response.getHeader("X-Frame-Options"), equalTo("DENY"))
-        String policyString = "connect-src 'self'; default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'none'; frame-ancestors 'none'; block-all-mixed-content"
+        String policyString = "connect-src 'self'; default-src 'none'; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'; base-uri 'none'; frame-ancestors 'none'; block-all-mixed-content"
         assertThat(response.getHeader("Content-Security-Policy"), equalTo(policyString))
         assertThat(response.getHeader("Strict-Transport-Security"), anyOf(containsString("max-age=16070400"), containsString("max-age=31536000")))
         assertThat(response.getHeader("Strict-Transport-Security"), containsString("includeSubDomains"))