diff --git a/README.md b/README.md index 6009e86b..58ea3b72 100644 --- a/README.md +++ b/README.md @@ -111,6 +111,8 @@ Options: --accept-remote-connections Accept remote connections. By default the server only accepts connections from localhost [boolean] [default: false] --key Path to the private key [string] [default: "$HOME/.ui5/server/server.key"] --cert Path to the certificate [string] [default: "$HOME/.ui5/server/server.crt"] + --sap-csp-policies Always send content security policies 'sap-target-level-1' and 'sap-target-level-2' in report-only mode [boolean] [default: false] + Examples: ui5 serve Start a web server for the current project diff --git a/lib/cli/commands/serve.js b/lib/cli/commands/serve.js index f28e883b..13fc00c1 100644 --- a/lib/cli/commands/serve.js +++ b/lib/cli/commands/serve.js @@ -37,6 +37,11 @@ serve.builder = function(cli) { default: "$HOME/.ui5/server/server.crt", type: "string" }) + .option("sap-csp-policies", { + describe: "Always send content security policies 'sap-target-level-1' and 'sap-target-level-2' in report-only mode", + default: false, + type: "boolean" + }) .example("ui5 serve", "Start a web server for the current project") .example("ui5 serve --h2", "Enable the HTTP/2 protocol for the web server (requires SSL certificate)") .example("ui5 serve --config /path/to/ui5.yaml", "Use the project configuration from a custom path") @@ -61,7 +66,8 @@ serve.handler = function(argv) { h2: argv.h2, acceptRemoteConnections: !!argv.acceptRemoteConnections, cert: argv.h2 ? argv.cert : undefined, - key: argv.h2 ? argv.key : undefined + key: argv.h2 ? argv.key : undefined, + sendSAPTargetCSP: !!argv.sapCspPolicies }; if (!serverConfig.h2) { diff --git a/test/lib/cli/commands/serve.js b/test/lib/cli/commands/serve.js index e52591fd..dfdb97c9 100644 --- a/test/lib/cli/commands/serve.js +++ b/test/lib/cli/commands/serve.js @@ -56,7 +56,8 @@ test.serial("ui5 serve: default", async (t) => { h2: false, port: 8080, cert: undefined, - key: undefined + key: undefined, + sendSAPTargetCSP: false }, "Starting server with specific server config"); }); @@ -91,7 +92,8 @@ test.serial("ui5 serve --h2", async (t) => { h2: true, port: 8443, key: "randombyte-likes-ponies-key", - cert: "randombyte-likes-ponies-cert" + cert: "randombyte-likes-ponies-cert", + sendSAPTargetCSP: false }, "Starting server with specific server config"); }); @@ -161,7 +163,8 @@ test.serial("ui5 serve --key --cert", async (t) => { h2: true, port: 8443, key: "ponies-loaded-from-custompath-key", - cert: "ponies-loaded-from-custompath-crt" + cert: "ponies-loaded-from-custompath-crt", + sendSAPTargetCSP: false }, "Starting server with specific server config"); }); @@ -182,3 +185,29 @@ test.serial("ui5 serve --translator --config", async (t) => { configPath: "path/to/my/config.json" }, "CLI was called with static translator"); }); + +test.serial("ui5 serve --sap-csp-policies", async (t) => { + normalizerStub.resolves(projectTree); + serverStub.resolves({}); + + // loads project tree using http 2 + const pPrepareServerConfig = await serve.handler(Object.assign({}, defaultInitialHandlerArgs, {sapCspPolicies: true})); + // preprocess project config + const pServeServer = await pPrepareServerConfig; + // serve server using config + await pServeServer; + + const injectedProjectTree = serverStub.getCall(0).args[0]; + const injectedServerConfig = serverStub.getCall(0).args[1]; + + t.deepEqual(injectedProjectTree, projectTree, "Starting server with given project tree"); + t.deepEqual(injectedServerConfig, { + changePortIfInUse: true, + acceptRemoteConnections: false, + h2: false, + port: 8080, + cert: undefined, + key: undefined, + sendSAPTargetCSP: true + }, "Starting server with specific server config"); +});