1# frozen_string_literal: true 2 3require 'spec_helper' 4 5RSpec.describe 'OneTrust content security policy' do 6 let(:user) { create(:user) } 7 8 before do 9 stub_config(extra: { one_trust_id: SecureRandom.uuid }) 10 end 11 12 it 'has proper Content Security Policy headers' do 13 visit root_path 14 15 expect(response_headers['Content-Security-Policy']).to include('https://cdn.cookielaw.org https://*.onetrust.com') 16 end 17end 18