// Smoke test for SecurityHeadersInterceptor — confirms the header compiles
// in a consumer translation unit and the constructor surface matches the
// documented API. Behavioural tests against a real IncomingRequest /
// OutgoingResponse pair would need a full oatpp request fixture; pinning
// the API surface here is enough to catch the kinds of breakage this
// header is at risk of (struct field renames, accidental ctor changes).

#include "oatpp-authkit/interceptor/SecurityHeadersInterceptor.hpp"

#include <cstdio>
#include <memory>

int main() {
    using oatpp_authkit::CspOverride;
    using oatpp_authkit::SecurityHeadersInterceptor;

    // Default ctor: strict baseline.
    auto strict = std::make_shared<SecurityHeadersInterceptor>();
    (void)strict;

    // Override ctor: every documented field reachable.
    CspOverride o;
    o.defaultSrc           = "'self'";
    o.scriptSrc            = "'self' 'unsafe-inline'";
    o.styleSrc             = "'self' 'unsafe-inline'";
    o.imgSrc               = "'self' data: https:";
    o.connectSrc           = "'self' wss:";
    o.fontSrc              = "'self'";
    o.frameAncestors       = "'self'";
    o.baseUri              = "'self'";
    o.formAction           = "'self'";
    o.sendHsts             = false;
    o.hstsIncludeSubdomains = true;
    o.xFrameOptions        = "SAMEORIGIN";
    o.permissionsPolicy    = "geolocation=(self)";
    auto relaxed = std::make_shared<SecurityHeadersInterceptor>(std::move(o));
    (void)relaxed;

    std::printf("SecurityHeadersInterceptor API ok\n");
    return 0;
}