SEC-2330: CacheControlHeadersWriter use a single header

Rob Winch 2013-09-18 16:12:34 -05:00
parent 05a7c58daa
commit 0114b457c0
6 changed files with 10 additions and 10 deletions


@ -77,7 +77,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
responseHeaders == ['X-Content-Type-Options':'nosniff',
'X-Frame-Options':'DENY',
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache',
'X-XSS-Protection' : '1; mode=block']
}


@ -48,7 +48,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
responseHeaders == ['X-Content-Type-Options':'nosniff',
'X-Frame-Options':'DENY',
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache',
'X-XSS-Protection' : '1; mode=block']
}
@ -127,7 +127,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
when:
springSecurityFilterChain.doFilter(request,response,chain)
then:
responseHeaders == ['Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache']
}


@ -47,7 +47,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
responseHeaders == ['X-Content-Type-Options':'nosniff',
'X-Frame-Options':'DENY',
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache',
'X-XSS-Protection' : '1; mode=block']
}
@ -68,7 +68,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
when:
springSecurityFilterChain.doFilter(request,response,chain)
then:
responseHeaders == ['Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache']
}


@ -53,7 +53,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
assertHeaders(response, ['X-Content-Type-Options':'nosniff',
'X-Frame-Options':'DENY',
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache',
'X-XSS-Protection' : '1; mode=block'])
}
@ -332,7 +332,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
when:
springSecurityFilterChain.doFilter(new MockHttpServletRequest(), response, new MockFilterChain())
then:
assertHeaders(response, ['Cache-Control': 'no-cache,no-store,max-age=0,must-revalidate','Pragma':'no-cache'])
assertHeaders(response, ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate','Pragma':'no-cache'])
}
def 'http headers hsts'() {
@ -388,7 +388,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
def assertHeaders(MockHttpServletResponse response, Map<String,String> expected) {
assert response.headerNames == expected.keySet()
expected.each { headerName, value ->
assert response.getHeaderValues(headerName) == value.split(',')
assert response.getHeaderValues(headerName) == [value]
}
}
}
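Review bot: `assertHeaders` now requires `response.getHeaderValues(headerName) == [value]`, that is, exactly one value per header name, but nothing on the helper states that contract. An expectation for a header that is legitimately written as several header lines will fail with a bare list mismatch. A one-line comment above the assertion would cover it: `// every expected header must be written as exactly one header line (SEC-2330)`. An expected value containing commas is now compared verbatim instead of being split, which is what the `Cache-Control` expectations earlier in this file rely on. The class begins outside the visible hunks.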


@ -42,7 +42,7 @@ public final class CacheControlHeadersWriter extends StaticHeadersWriter {
private static List<Header> createHeaders() {
List<Header> headers = new ArrayList<Header>(2);
headers.add(new Header("Cache-Control","no-cache","no-store","max-age=0","must-revalidate"));
headers.add(new Header("Cache-Control","no-cache, no-store, max-age=0, must-revalidate"));
headers.add(new Header("Pragma","no-cache"));
return headers;
}
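Review bot: The joined value added in `createHeaders()` has no comment explaining why the directives must share one header value, so a later cleanup could split them back into separate arguments. Presumably the concern is a client or intermediary that honours only the first `Cache-Control` line and would then see `no-cache` without `no-store`, which matters for responses carrying authenticated content. That reasoning is inferred from the commit title and is not shown on this page. I would add above the line: `// SEC-2330: one comma-separated Cache-Control value, not one header line per directive`. The rest of the class lies outside the hunk.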


@ -48,7 +48,7 @@ public class CacheControlHeadersWriterTests {
writer.writeHeaders(request, response);
assertThat(response.getHeaderNames().size()).isEqualTo(2);
assertThat(response.getHeaderValues("Cache-Control")).isEqualTo(Arrays.asList("no-cache","no-store","max-age=0","must-revalidate"));
assertThat(response.getHeaderValues("Cache-Control")).isEqualTo(Arrays.asList("no-cache, no-store, max-age=0, must-revalidate"));
assertThat(response.getHeaderValues("Pragma")).isEqualTo(Arrays.asList("no-cache"));
}
}