Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-31 06:38:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-2331: Cache Control now includes Expires: 0

Browse Source
This commit is contained in:
Rob Winch 2013-09-19 14:06:37 -05:00
parent c5c1419521
commit 8f8c6169e8
6 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
View File

@ -79,6 +79,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains', 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache', 'Pragma':'no-cache',
'Expires' : '0',
'X-XSS-Protection' : '1; mode=block'] 'X-XSS-Protection' : '1; mode=block']
} }

2
config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
View File

@ -49,6 +49,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
'X-Frame-Options':'DENY', 'X-Frame-Options':'DENY',
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains', 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache', 'Pragma':'no-cache',
'X-XSS-Protection' : '1; mode=block'] 'X-XSS-Protection' : '1; mode=block']
} }
@ -128,6 +129,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
springSecurityFilterChain.doFilter(request,response,chain) springSecurityFilterChain.doFilter(request,response,chain)
then: then:
responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache'] 'Pragma':'no-cache']
} }

2
config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy
View File

@ -49,6 +49,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains', 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache', 'Pragma':'no-cache',
'Expires' : '0',
'X-XSS-Protection' : '1; mode=block'] 'X-XSS-Protection' : '1; mode=block']
} }
@ -69,6 +70,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
springSecurityFilterChain.doFilter(request,response,chain) springSecurityFilterChain.doFilter(request,response,chain)
then: then:
responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache'] 'Pragma':'no-cache']
} }

5
config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
View File

@ -54,6 +54,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
'X-Frame-Options':'DENY', 'X-Frame-Options':'DENY',
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains', 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache', 'Pragma':'no-cache',
'X-XSS-Protection' : '1; mode=block']) 'X-XSS-Protection' : '1; mode=block'])
} }
@ -332,7 +333,9 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
when: when:
springSecurityFilterChain.doFilter(new MockHttpServletRequest(), response, new MockFilterChain()) springSecurityFilterChain.doFilter(new MockHttpServletRequest(), response, new MockFilterChain())
then: then:
assertHeaders(response, ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate','Pragma':'no-cache']) assertHeaders(response, ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache'])
} }
def 'http headers hsts'() { def 'http headers hsts'() {

1
web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
View File

@ -44,6 +44,7 @@ public final class CacheControlHeadersWriter extends StaticHeadersWriter {
List<Header> headers = new ArrayList<Header>(2); List<Header> headers = new ArrayList<Header>(2);
headers.add(new Header("Cache-Control","no-cache, no-store, max-age=0, must-revalidate")); headers.add(new Header("Cache-Control","no-cache, no-store, max-age=0, must-revalidate"));
headers.add(new Header("Pragma","no-cache")); headers.add(new Header("Pragma","no-cache"));
headers.add(new Header("Expires","0"));
return headers; return headers;
} }
} }

3
web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
View File

@ -47,8 +47,9 @@ public class CacheControlHeadersWriterTests {
public void writeHeaders() { public void writeHeaders() {
writer.writeHeaders(request, response); writer.writeHeaders(request, response);
assertThat(response.getHeaderNames().size()).isEqualTo(2); assertThat(response.getHeaderNames().size()).isEqualTo(3);
assertThat(response.getHeaderValues("Cache-Control")).isEqualTo(Arrays.asList("no-cache, no-store, max-age=0, must-revalidate")); assertThat(response.getHeaderValues("Cache-Control")).isEqualTo(Arrays.asList("no-cache, no-store, max-age=0, must-revalidate"));
assertThat(response.getHeaderValues("Pragma")).isEqualTo(Arrays.asList("no-cache")); assertThat(response.getHeaderValues("Pragma")).isEqualTo(Arrays.asList("no-cache"));
assertThat(response.getHeaderValues("Expires")).isEqualTo(Arrays.asList("0"));
} }
} }