const request = require('supertest')
const app = require('../../server/server')
const faker = require('faker')
const expect = require('chai').expect
/**
 * Start a supertest request against the app with the JSON headers preset.
 *
 * @param {string} verb - name of the supertest method to call, e.g. 'post'.
 * @param {string} url - path to request.
 * @returns {object} the supertest chain; it also asserts that the response
 *   Content-Type matches /json/.
 */
function req (verb, url) {
  const pending = request(app)[verb](url)
  pending.set('Content-Type', 'application/json')
  pending.set('Accept', 'application/json')
  return pending.expect('Content-Type', /json/)
}
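// Checks the security-related response headers on a rejected login response.
describe('HTTP header', () => {
  describe('should send login request, and returned headers', () => {
    // Headers of the 401 response, shared by every test below.
    let headers

    // Log in with random credentials, expect a 401, and keep the response headers.
    before(done => {
      req('post', '/api/users/login')
        .send({ email: faker.internet.email(), password: faker.internet.password() })
        .expect(401, (err, res) => {
          // Pass the supertest error to mocha so the hook fails with the
          // original message (wrong status, wrong Content-Type, ...).
          if (err) return done(err)
          headers = res.header
          done()
        })
    })

    it('Content-Security-Policy: default-src none header', () => {
      // NOTE(review): CSP keyword sources are single-quoted ('none'). The
      // double-quoted value pinned here is not a valid source expression, so
      // confirm what the server emits and correct server and test together.
      expect(headers['content-security-policy']).to.be.eq('default-src "none"')
    })

    it('X-Content-Type-Options: nosniff', () => {
      expect(headers['x-content-type-options']).to.be.eq('nosniff')
    })

    it('X-Frame-Options: deny', () => {
      expect(headers['x-frame-options']).to.be.eq('DENY')
    })

    it('remove header X-Powered-By, Server', () => {
      // A header that was not sent is simply missing from the header object
      // (undefined), so the former strict `null` check could not pass even
      // when the header had been stripped. Assert absence instead.
      expect(headers).to.not.have.property('x-powered-by')
      expect(headers).to.not.have.property('server')
    })
  })
})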