From 0114b457c017aded9fc13bfd2ed4f71309bc686c Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Wed, 18 Sep 2013 16:12:34 -0500
Subject: [PATCH] SEC-2330: CacheControlHeadersWriter use a single header
---
 .../annotation/web/WebSecurityConfigurerAdapterTests.groovy | 2 +-
 .../web/configurers/HeadersConfigurerTests.groovy | 4 ++--
 .../web/configurers/NamespaceHttpHeadersTests.groovy | 4 ++--
 .../security/config/http/HttpHeadersConfigTests.groovy | 6 +++---
 .../web/header/writers/CacheControlHeadersWriter.java | 2 +-
 .../web/header/writers/CacheControlHeadersWriterTests.java | 2 +-
 6 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
index 6e15ea0cc9..55aa4e1736 100644
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
@@ -77,7 +77,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
 responseHeaders == ['X-Content-Type-Options':'nosniff',
 'X-Frame-Options':'DENY',
 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
- 'Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
+ 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
 'Pragma':'no-cache',
 'X-XSS-Protection' : '1; mode=block']
 }
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
index fced68ed4f..5af8dd9401 100644
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
@@ -48,7 +48,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
 responseHeaders == ['X-Content-Type-Options':'nosniff',
 'X-Frame-Options':'DENY',
 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
- 'Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
+ 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
 'Pragma':'no-cache',
 'X-XSS-Protection' : '1; mode=block']
 }
@@ -127,7 +127,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
 when:
 springSecurityFilterChain.doFilter(request,response,chain)
 then:
- responseHeaders == ['Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
+ responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
 'Pragma':'no-cache']
 }
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy
index 66595012b8..fdffc74922 100644
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy
@@ -47,7 +47,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
 responseHeaders == ['X-Content-Type-Options':'nosniff',
 'X-Frame-Options':'DENY',
 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
- 'Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
+ 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
 'Pragma':'no-cache',
 'X-XSS-Protection' : '1; mode=block']
 }
@@ -68,7 +68,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
 when:
 springSecurityFilterChain.doFilter(request,response,chain)
 then:
- responseHeaders == ['Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
+ responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
 'Pragma':'no-cache']
 }
diff --git a/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
index 0ce1766eef..f71350a8ef 100644
--- a/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
@@ -53,7 +53,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
 assertHeaders(response, ['X-Content-Type-Options':'nosniff',
 'X-Frame-Options':'DENY',
 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
- 'Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
+ 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
 'Pragma':'no-cache',
 'X-XSS-Protection' : '1; mode=block'])
 }
@@ -332,7 +332,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
 when:
 springSecurityFilterChain.doFilter(new MockHttpServletRequest(), response, new MockFilterChain())
 then:
- assertHeaders(response, ['Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate','Pragma':'no-cache'])
+ assertHeaders(response, ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate','Pragma':'no-cache'])
 }
 def 'http headers hsts'() {
@@ -388,7 +388,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
 def assertHeaders(MockHttpServletResponse response, Map expected) {
 assert response.headerNames == expected.keySet()
 expected.each { headerName, value ->
- assert response.getHeaderValues(headerName) == value.split(',')
+ assert response.getHeaderValues(headerName) == [value]
 }
 }
 }
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
index a8c82a8218..0699351a54 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
@@ -42,7 +42,7 @@ public final class CacheControlHeadersWriter extends StaticHeadersWriter {
 private static List
createHeaders() { List
headers = new ArrayList
(2);
- headers.add(new Header("Cache-Control","no-cache","no-store","max-age=0","must-revalidate"));
+ headers.add(new Header("Cache-Control","no-cache, no-store, max-age=0, must-revalidate"));
 headers.add(new Header("Pragma","no-cache"));
 return headers;
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
index 0ca54df29a..71df5c060a 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
@@ -48,7 +48,7 @@ public class CacheControlHeadersWriterTests {
 writer.writeHeaders(request, response);
 assertThat(response.getHeaderNames().size()).isEqualTo(2);
- assertThat(response.getHeaderValues("Cache-Control")).isEqualTo(Arrays.asList("no-cache","no-store","max-age=0","must-revalidate"));
+ assertThat(response.getHeaderValues("Cache-Control")).isEqualTo(Arrays.asList("no-cache, no-store, max-age=0, must-revalidate"));
 assertThat(response.getHeaderValues("Pragma")).isEqualTo(Arrays.asList("no-cache"));
 }
 }
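Review bot: In CacheControlHeadersWriter.java, `createHeaders()` still emits only `Cache-Control` and `Pragma`, so the response carries no `Expires` header. HTTP/1.0 caches do not act on `Cache-Control`, and `Pragma: no-cache` is only defined for requests, so its effect on a response depends on the cache; adding `headers.add(new Header("Expires","0"));` (with the list capacity raised to 3) would cover those caches. The `isEqualTo(2)` header-count assertion in CacheControlHeadersWriterTests and the Groovy expectation maps would then need the extra entry. A one-line comment above the joined literal, such as `// one comma-separated field: repeated Cache-Control fields are not handled uniformly by all clients`, would also record why the varargs form was dropped; that reason is inferred from the commit subject and should be confirmed against SEC-2330.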