Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix XContentTypeOptionsServerHttpHeadersWriter 

set constant value to X-Content-Type-Options

Closes gh-13155
This commit is contained in:
joerg-richter-5234 2023-05-20 13:07:15 +02:00 committed by Marcus Da Coregio
parent 1eefd433b6
commit 8287289bcb
2 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
View File

@ -28,7 +28,7 @@ import org.springframework.web.server.ServerWebExchange;
*/
public class XContentTypeOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
public static final String X_CONTENT_OPTIONS = "X-Content-Options";
public static final String X_CONTENT_OPTIONS = "X-Content-Type-Options";
public static final String NOSNIFF = "nosniff";

41
web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
View File

@ -32,11 +32,14 @@ import static org.assertj.core.api.Assertions.assertThat;
public class XContentTypeOptionsServerHttpHeadersWriterTests {
ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
HttpHeaders headers = this.exchange.getResponse().getHeaders();
XContentTypeOptionsServerHttpHeadersWriter writerXContentType = new XContentTypeOptionsServerHttpHeadersWriter();
ServerWebExchange exchangeXContentType = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
HttpHeaders headersXContentType = this.exchangeXContentType.getResponse().getHeaders();
@Test
public void writeHeadersWhenNoHeadersThenWriteHeaders() {
this.writer.writeHttpHeaders(this.exchange);
@ -46,7 +49,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
}
@Test
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
public void writeHeadersWhenHeaderWrittenThenDoesNotOverride() {
String headerValue = "value";
this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
this.writer.writeHttpHeaders(this.exchange);
@ -55,4 +58,36 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
.containsOnly(headerValue);
}
@Test
public void constantsMatchExpectedHeaderAndValue() {
assertThat(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)
.isEqualTo("X-Content-Type-Options");
assertThat(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF).isEqualTo("nosniff");
}
@Test
public void writeHeadersWhenNoHeadersThenWriteHeadersForXContentTypeOptionsServerHttpHeadersWriter() {
this.writerXContentType.writeHttpHeaders(this.exchangeXContentType);
assertThat(this.headersXContentType).hasSize(1);
assertThat(this.headersXContentType.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
.containsOnly(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
}
@Test
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrideForXContentTypeOptionsServerHttpHeadersWriter() {
String headerValue = "value";
this.headersXContentType.set(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
this.writerXContentType.writeHttpHeaders(this.exchangeXContentType);
assertThat(this.headersXContentType).hasSize(1);
assertThat(this.headersXContentType.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
.containsOnly(headerValue);
}
@Test
public void constantsMatchExpectedHeaderAndValueForXContentTypeOptionsServerHttpHeadersWriter() {
assertThat(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)
.isEqualTo("X-Content-Type-Options");
assertThat(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF).isEqualTo("nosniff");
}
}