Test to login and verify HTTP response header
Changes:
- Added test to verify HTTP response header.
Resolves openbmc/openbmc-test-automation#1535
Change-Id: Ifb4255e02de714b46010e4ddbb690b00ee67342e
Signed-off-by: George Keishing <gkeishin@in.ibm.com>
diff --git a/redfish/service_root/test_service_root_security.robot b/redfish/service_root/test_service_root_security.robot
index 9262aaf..a6bc062 100644
--- a/redfish/service_root/test_service_root_security.robot
+++ b/redfish/service_root/test_service_root_security.robot
@@ -12,6 +12,14 @@
${LOGIN_SESSION_COUNT} ${50}
+&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains; preload
+... X-Frame-Options=DENY
+... Pragma=no-cache
+... Cache-Control=no-Store,no-Cache
+... Content-Security-Policy=default-src 'self'; img-src 'self' data:
+... X-XSS-Protection=1; mode=block
+... X-Content-Type-Options=nosniff
+
*** Test Cases ***
Redfish Login With Invalid Credentials
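Review bot: The expected values in `&{header_requirements}` are pinned as exact strings, so the later comparison fails on any equivalent but differently written header, for example `Cache-Control=no-Store,no-Cache` if the server emits different casing or spacing, or an HSTS `max-age` other than 31536000. If an exact match is the intended policy, add a comment above the variable saying so; otherwise consider checking for the required directives rather than the whole value. The name is also lower-case while the neighbouring `${LOGIN_SESSION_COUNT}` is upper-case; `&{HEADER_REQUIREMENTS}` would match the convention of this section.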
@@ -100,6 +108,45 @@
Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}]
+Login And Verify HTTP Response Header
+ [Documentation] Login and verify redfish HTTP response header.
+ [Tags] Login_And_Verify_HTTP_Response_Header
+
+ # Example of HTTP redfish response header.
+ # Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
+ # X-Frame-Options: DENY
+ # Pragma: no-cache
+ # Cache-Control: no-Store,no-Cache
+ # Content-Security-Policy: default-src 'self'; img-src 'self' data:
+ # X-XSS-Protection: 1; mode=block
+ # X-Content-Type-Options: nosniff
+
+ Rprint Vars 1 header_requirements
+
+ Redfish.Login
+ ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions
+
+ # The getheaders() method returns the headers as a list of tuples:
+ # headers:
+ # [Strict-Transport-Security]: max-age=31536000; includeSubdomains; preload
+ # [X-Frame-Options]: DENY
+ # [Pragma]: no-cache
+ # [Cache-Control]: no-Store,no-Cache
+ # [Content-Security-Policy]: default-src 'self'; img-src 'self' data:
+ # [X-XSS-Protection]: 1; mode=block
+ # [X-Content-Type-Options]: nosniff
+ # [X-UA-Compatible]: IE=11
+ # [Content-Type]: application/json
+ # [Server]: iBMC
+ # [Date]: Tue, 16 Apr 2019 17:49:46 GMT
+ # [Content-Length]: 2177
+
+ ${headers}= Key Value List To Dict ${resp.getheaders()}
+ Rprint Vars 1 headers
+
+ Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements}
+
+
*** Keywords ***
Login And Verify Redfish Response
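Review bot: `Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements}` as written compares header names case-sensitively, but HTTP header field names are case-insensitive, so a response carrying `strict-transport-security` would fail this test even though the header is present; normalising the key case of both dictionaries before the comparison avoids that. The test case also calls `Redfish.Login` with no matching `Redfish.Logout` visible in it, so unless a teardown elsewhere in the suite handles it the session is left open. Minor: the comment says `getheaders()` returns a list of tuples, but the sample under it shows the printed dictionary form, and the first comment block repeats the values already held in `&{header_requirements}`; dropping one copy leaves less to keep in sync.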