Testing React Applications with CSP

1 min read Web Security Fundamentals

Testing React Applications with CSP

Implementing comprehensive testing ensures your CSP policies don't break React functionality:

// csp-test-utils.js
export const testCSPCompliance = (component, cspPolicy) => {
  // Mock CSP environment
  const originalCSP = document.querySelector('meta[http-equiv="Content-Security-Policy"]');
  
  // Create test CSP meta tag
  const testCSP = document.createElement('meta');
  testCSP.httpEquiv = 'Content-Security-Policy';
  testCSP.content = cspPolicy;
  document.head.appendChild(testCSP);
  
  try {
    // Test component renders without CSP violations
    const { container } = render(component);
    
    // Check for blocked resources
    const blockedScripts = container.querySelectorAll('script[blocked]');
    const blockedStyles = container.querySelectorAll('style[blocked]');
    
    expect(blockedScripts.length).toBe(0);
    expect(blockedStyles.length).toBe(0);
    
    return true;
  } catch (error) {
    console.error('CSP test failed:', error);
    return false;
  } finally {
    // Restore original CSP
    document.head.removeChild(testCSP);
    if (originalCSP) document.head.appendChild(originalCSP);
  }
};

// Jest test example
describe('CSP Compliance Tests', () => {
  test('App renders with strict CSP', () => {
    const strictCSP = "default-src 'self'; script-src 'self' 'nonce-test123';";
    const result = testCSPCompliance(<App />, strictCSP);
    expect(result).toBe(true);
  });
});